Start of change

sha384 - Calculate and check SHA-384 cryptographic hashes

Format

sha384 [-rbcT] [file ... file ...]

Description

sha384 prints or checks SHA-384 cryptographic hashes.

If you do not specify any files on the command line, or if - is specified as the file name, sha384 reads from standard input (stdin). In this case, the file name is printed as -.

sha384 supports reading sequential MVS data sets, PDS (partitioned data set), or PDSE (partitioned data set extended) members as input files. Error messages are sent to standard error (stderr).

Dependency

ICSF (at least FMID HCR77A0) must be installed and running because sha384 uses the ICSF One-Way Hash Generate callable service. If resource CSFOWH has been defined, the user running the command must have READ access to the CSFOWH profile in the RACF CSFSERV general resource class. For more information about setting up profiles in the CSFSERV general resource class, see Setting up profiles in the CSFSERV general resource class in z/OS Cryptographic Services ICSF Administrator's Guide.

Options

-r
Reverses the output format. If the file operand is not specified, the path name and its leading white space are omitted.
-b
Prints checksum in binary, no file name.
-c
Reads a file containing hashes that were produced by a previous run of sha384 and checks them. The file containing the hashes should be the output of a former run of sha384. That is, each line must contain the name of the file and the check-sum in hexadecimal. For example:
SHA384 (somefile) = e8e4d9727695438c7f5c91347e50e3d68eaab5fe3f856685de5a80fbaafb3c1700776dea0eb7db09c940466ba270a4e4 
SHA384 (x.dat) = 1f0ee3e77c92afdc0650e333b4b18816f7f54d7237ac766fefb5e0e9e39cd1f824a0f7de0481417cc106f2c7e73aa402  
SHA384 (default/blob) = e4d966e14a785984f8c5d4789ebaf4f00ad3153e9e106ff3f896b356da0022fe88a6d60014fcf841516966fd6bcfbba4
If -r was specified, then the file must look like this:
e8e4d9727695438c7f5c91347e50e3d68eaab5fe3f856685de5a80fbaafb3c1700776dea0eb7db09c940466ba270a4e4  somefile 
1f0ee3e77c92afdc0650e333b4b18816f7f54d7237ac766fefb5e0e9e39cd1f824a0f7de0481417cc106f2c7e73aa402  x.dat 
e4d966e14a785984f8c5d4789ebaf4f00ad3153e9e106ff3f896b356da0022fe88a6d60014fcf841516966fd6bcfbba4  default/blob

The output contains a line for each file that is being checked and includes OK or FAILED as the status. The last line of the output is a summary line, which will be written to standard error (stderr). Following is a sample output of that output: 

somefile: OKx.dat: FAILED
x.dat: FAILED
default/blob: FAILED
sha384: WARNING: 2 checks failed

The longest input line that sha384 can handle is 2048 bytes. Longer lines are truncated or split into multiple lines.

-T
Enables the automatic conversion of tagged files to be calculated checksums.

Usage notes

  1. If you specify sequential MVS data sets, PDS or PDSE members as input files to calculate cryptographic hashes, sha384 reads them as binary.
  2. Data sets with spanned records are not allowed.

Localization

sha384 uses the following localization environment variables:
  • LANG
  • LC_ALL
  • LC_CTYPE
  • LC_MESSAGES
  • LC_TYPE
  • NLSPATH

Examples

  1. To print the hash in binary: 
    sha384 -b /data/app/accnt.xml
  2. To print the hash of an MVS data set: 
    sha384 "//'SYS2.LOADLIB(XYZMOD)"
  3. To print the hash of a string: 
    echo 'Hi there' | sha384
  4. To check all hashes listed in file sums.1st: 
    sha384 -c sums.lst
  5. To print the hash of a file that is tagged as ASCII: 
    sha384 -T /app/account.dat

Exit values

0
Successful completion.
1
Failure due any of the following:
  • Inability to open a file.
  • An error reading the input file.
  • Error turning off the automatic conversion of the input file.
  • Line too long.
  • Bad line format.
  • Cryptographic hash check failed.
2
Unknown command-line option.
3
ICSF is not available.
4
ICSF callable service error.

If an ICSF error occurs, an error message that displays the return and reason code from the ICSF service is issued. For more information about return and reason codes, see ICSF and cryptographic coprocessor return and reason codes in z/OS Cryptographic Services ICSF Application Programmer's Guide.

Related information

md5, rmd160, sha1, sha224, sha256, sha512

End of change