File Checksum
Drop any file to generate its checksum. Paste an expected hash to verify the file is intact and hasn't been tampered with. All hashing runs locally in your browser.
Drop any file here
or click to browse. All processing is local
ALGORITHM
DISPLAY
Drop any file to generate its checksum. Compare against a publisher's hash to verify integrity.
How it works
Your file is streamed into memory through the File API and then passed to crypto.subtle.digest with the algorithm you select (SHA-256 by default, with SHA-512 and SHA-1 also available). The resulting digest is displayed as a hex string ready to compare against the value published by the file's author. Paste a known good checksum into the verification field and the page highlights whether the two values match.
Processing runs in your browser
Your file is read directly by the browser. All hashing happens locally, our servers are not involved at any point. You can verify this yourselfin your browser's DevTools Network tab.
Technical specification
SHA-256 is specified in FIPS PUB 180-4 (NIST, 2015). SHA-256 produces a 256-bit (32-byte) digest encoded as 64 hexadecimal characters. Both are part of the SHA-2 family and remain approved for all security applications including TLS certificates, code signing, and HMAC construction.
- Output size
- 256 bits (64 hex characters)
- Standard
- FIPS PUB 180-4 (NIST)
- Browser API
- SubtleCrypto.digest()
- Security status
- Approved, recommended for all uses
Related operations
For encoding the result as Base64 for transport, try Base64. To generate strong random secrets to hash, use the password generator. For random unique identifiers without a hash collision risk, see the UUID generator.
Frequently asked questions
- What is a file checksum?
- A checksum is a hash of a file's contents. If even one byte changes, the hash changes completely. You can compare a checksum to a value published by a software author to verify you downloaded the correct file.
- Which algorithm should I use for verification?
- Use whatever algorithm the publisher provides. SHA-256 is the most common today. Avoid MD5 and SHA-1 for security-sensitive verification.
- Is my file uploaded anywhere?
- All processing runs in your browser. The file is read using the File API and hashed with the SubtleCrypto API.
- Is there a file size limit?
- Files up to 10 MB are supported. The hash computes locally in your browser using the Web Crypto API for SHA variants, or a JavaScript implementation for MD5.