File Checksum
Pick a file to compute its SHA-256, SHA-1, SHA-384 and SHA-512 checksum. Paste the value published by the source to verify it on the spot (tamper detection). Switch the output format to “SRI” to also generate integrity="sha384-…" attributes for CDN scripts. Large files are read in chunks with a progress bar. Everything happens on your device — files never leave it.
Drag & drop a file, or click to choose
Any format works. Files are processed only on your device and never leave it.
How to use the file checksum tool
Drag & drop a file or click the box to choose one, and the selected algorithm (SHA-256 by default) is computed. Copy any value with the “Copy” button. Paste the source's published value into the verify field and the matching algorithm shows Match ✓ or Mismatch ✗.
Example: the SHA-256 of an empty (0-byte) file is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. If the SHA-256 listed on a download page exactly matches the value computed here, the download is intact and untampered. Even a single different byte changes the value drastically.
- SHA-256: 256-bit (64 hex chars). The standard choice for tamper detection.
- SHA-1: 160-bit (40 hex chars). For checking older artifacts; not recommended for security.
- SHA-512: 512-bit (128 hex chars). Longer output, higher safety margin.
How this differs from text hash generation
This tool computes the checksum from the file's raw bytes. To hash a pasted string, use the Hash Generator. Large files are read in chunks so you can follow progress on the bar.
Generating SRI (Subresource Integrity) attributes
Switch the output format to “SRI” to generate the base64 integrity attribute you add to a CDN <script> or <link>. Pick app.js, for example, and you get a line like integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6…" — paste it straight into the tag (along with crossorigin="anonymous"). SHA-384 is common for SRI; SHA-256 and SHA-512 are also available. SHA-1 is not valid for SRI, so it isn't output.