Start of change

sha512 - Calculate and check SHA-512 cryptographic hashes

Format

sha512 [-rbcT] [file ... file ...]

Description

sha512 prints or checks SHA-512 cryptographic hashes.

If you do not specify any files on the command line, or if - is specified as the file name, sha512 reads from standard input (stdin). In this case, the file name is printed as -.

sha512 supports reading sequential MVS data sets, PDS (partitioned data set), or PDSE (partitioned data set extended) members as input files. Error messages are sent to standard error (stderr).

Dependency

ICSF (at least FMID HCR77A0) must be installed and running because sha512 uses the ICSF One-Way Hash Generate callable service. If resource CSFOWH has been defined, the user running the command must have READ access to the CSFOWH profile in the RACF CSFSERV general resource class. For more information about setting up profiles in the CSFSERV general resource class, see Setting up profiles in the CSFSERV general resource class in z/OS Cryptographic Services ICSF Administrator's Guide.

Options

-r
Reverses the output format. If the file operand is not specified, the path name and its leading white space are omitted.
-b
Prints checksum in binary, no file name.
-c
Reads a file containing hashes that were produced by a previous run of sha512 and checks them. The file containing the hashes should be the output of a former run of sha512. That is, each line must contain the name of the file and the check-sum in hexadecimal. For example:
SHA512 (somefile) = 3b7fc7cc370707c1df045c35342f3d64ea7076abd84f8a8c046a7cca2b85901689f3cf4bdc1f5fc232a60456cb9d2f48702bf8f8f1064f9bcc7d70edad9f860e 
SHA512 (x.dat) = 214e7aea1b0e59d4a2d720767b17b61874f26c63a6dfd9e09f51d47a20a7f956af7f9d55dcb9ebf126c6d27fa99055e453ae448be167cef08f1b690466da1e82 
SHA512 (default/blob) = f1f44e92081031f494a6f69ea6d877120059cbc777b0225cdfedb6c9b7d32957c22477b5cf8dbe8cba6f6868dc4813c395cbe6ce6add437f810d236892c9a181
If -r was specified, then the file must look like this:
3b7fc7cc370707c1df045c35342f3d64ea7076abd84f8a8c046a7cca2b85901689f3cf4bdc1f5fc232a60456cb9d2f48702bf8f8f1064f9bcc7d70edad9f860e  somefile 
214e7aea1b0e59d4a2d720767b17b61874f26c63a6dfd9e09f51d47a20a7f956af7f9d55dcb9ebf126c6d27fa99055e453ae448be167cef08f1b690466da1e82  x.dat 
f1f44e92081031f494a6f69ea6d877120059cbc777b0225cdfedb6c9b7d32957c22477b5cf8dbe8cba6f6868dc4813c395cbe6ce6add437f810d236892c9a181  default/blob

The output contains a line for each file that is being checked and includes OK or FAILED as the status. The last line of the output is a summary line, which will be written to standard error (stderr). Following is a sample output of that output: 

somefile: OKx.dat: FAILEDx.dat: FAILED
default/blob: FAILED
sha512: WARNING: 2 checks failed

The longest input line that sha512 can handle is 2048 bytes. Longer lines are truncated or split into multiple lines.

-T
Enables the automatic conversion of tagged files to be calculated checksums.

Usage notes

  1. If you specify sequential MVS data sets, PDS or PDSE members as input files to calculate cryptographic hashes, sha512 reads them as binary.
  2. Data sets with spanned records are not allowed.

Localization

sha512 uses the following localization environment variables:
  • LANG
  • LC_ALL
  • LC_CTYPE
  • LC_MESSAGES
  • LC_TYPE
  • NLSPATH

Examples

  1. To print the hash in binary: 
    sha512 -b /data/app/accnt.xml
  2. To print the hash of an MVS data set: 
    sha512 "//'SYS2.LOADLIB(XYZMOD)"
  3. To print the hash of a string: 
    echo 'Hi there' | sha512
  4. To check all hashes listed in file sums.1st: 
    sha512 -c sums.lst
  5. To print the hash of a file that is tagged as ASCII: 
    sha512 -T /app/account.dat

Exit values

0
Successful completion.
1
Failure due any of the following:
  • Inability to open a file.
  • An error reading the input file.
  • Error turning off the automatic conversion of the input file.
  • Line too long.
  • Bad line format.
  • Cryptographic hash check failed.
2
Unknown command-line option.
3
ICSF is not available.
4
ICSF callable service error.

If an ICSF error occurs, an error message that displays the return and reason code from the ICSF service is issued. For more information about return and reason codes, see ICSF and cryptographic coprocessor return and reason codes in z/OS Cryptographic Services ICSF Application Programmer's Guide.

Related information

md5, rmd160, sha1, sha224, sha256, sha384

End of change