Start of change

md5 - Calculate and check MD5 cryptographic hashes

Format

md5 [-rbcT] [file ... file ...]

Description

md5 prints or checks MD5 (128 bits) cryptographic hashes.

Important: If you are using this command for security purposes, use the sha-2 algorithms such as sha224, sha256, sha384, or sha512 instead because they are more resilient to attacks.

If you do not specify any files on the command line, or if - is specified as the file name, md5 reads from standard input (stdin). In this case, the file name is printed as -.

md5 supports reading sequential MVS data sets, PDS (partitioned data set), or PDSE (partitioned data set extended) members as input files. Error messages are sent to standard error (stderr).

Dependency

ICSF (at least FMID HCR77A0) must be installed and running because md5 uses the ICSF One-Way Hash Generate callable service. If resource CSFOWH has been defined, the user running the command must have READ access to the CSFOWH profile in the RACF CSFSERV general resource class. For more information about setting up profiles in the CSFSERV general resource class, see Setting up profiles in the CSFSERV general resource class in z/OS Cryptographic Services ICSF Administrator's Guide.

Options

-r
Reverses the output format. If the file operand is not specified, the path name and its leading white space are omitted.
-b
Prints checksum in binary, no file name.
-c
Reads a file that contains hashes that were produced by a previous run of md5 and checks them. The file containing the hashes should be the output of a former run of md5. That is, each line must contain the name of the file and the check-sum in hexadecimal. For example:
MD5 (somefile) = 8403ea2c155efe868f993d528b3778dc
MD5 (x.dat) = aba8f8f8e6db05fc8b9f97499baed0a7
MD5 (default/blob) = e7f1f438e47c281426b47b12b2067d7f
If -r was specified, then the file must look like this:
8403ea2c155efe868f993d528b3778dc  somefile
aba8f8f8e6db05fc8b9f97499baed0a7  x.dat
e7f1f438e47c281426b47b12b2067d7f  default/blob

The output contains a line for each file that is being checked and includes OK or FAILED as the status. The last line of the output is a summary line, which will be written to standard error (stderr). Following is a sample output of that output: 

somefile: OK 
x.dat: FAILED 
default/blob: FAILED 
md5: WARNING: 2 checks failed

The longest input line that md5 can handle is 2048 bytes. Longer lines are truncated or split into multiple lines.

-T
Enables the automatic conversion of tagged files to be calculated checksums.

Usage notes

  1. If you specify sequential MVS data sets, PDS or PDSE members as input files to calculate cryptographic hashes, md5 reads them as binary.
  2. Data sets with spanned records are not allowed.

Localization

md5 uses the following localization environment variables:
  • LANG
  • LC_ALL
  • LC_CTYPE
  • LC_MESSAGES
  • LC_TYPE
  • NLSPATH

Examples

  1. To print the hash in binary: 
    md5 -b /data/app/accnt.xml
  2. To print the hash of an MVS data set: 
    md5 "//'SYS2.LOADLIB(XYZMOD)"
  3. To print the hash of a string: 
    echo 'Hi there' | md5
  4. To check all hashes listed in file sums.1st: 
    md5 -c sums.lst
  5. To print the hash of a file that is tagged as ASCII: 
    md5 -T /app/account.dat

Exit values

0
Successful completion.
1
Failure due any of the following:
  • Inability to open a file.
  • An error reading the input file.
  • Error turning off the automatic conversion of the input file.
  • Line too long.
  • Bad line format.
  • Cryptographic hash check failed.
2
Unknown command-line option.
3
ICSF is not available.
4
ICSF callable service error.

If an ICSF error occurs, an error message that displays the return and reason code from the ICSF service is issued. For more information about return and reason codes, see ICSF and cryptographic coprocessor return and reason codes in z/OS Cryptographic Services ICSF Application Programmer's Guide.

Related information

rmd160, sha1, sha224, sha256, sha384, sha512

End of change