File checksum & hash

Client

Drop a file or choose one from disk. The page reads bytes only in your tab and prints CRC-32, MD5, SHA-1, SHA-256, SHA-384, and SHA-512—useful for verifying installers, images, and release bundles without sending data to a server.

Integrity checks without uploading

Cryptographic hashes fingerprint file bytes. A matching digest means the bits you hashed match the published value—assuming the same algorithm and an untampered reference. Always compare hashes over the exact file version users will run.

For hashing text or secrets you paste instead of a file, use the crypto workspace on the same host. For IEEE CRC-32 or CRC32C on UTF-8 text or hex bytes (not a file upload), use the CRC-32 tool. For Subresource Integrity attributes (integrity="sha256-…"), use the SRI tool. Never paste production private keys into any online form.

To sanity-check a declared Content-Type or extension against what you downloaded, cross-check with MIME types & extensions—digests verify bytes, not filenames.

Using this page

Pick a file from disk or drop it on the target. Wait for every algorithm you care about to finish, then copy the digest that matches what the publisher documented (same hash family and hex casing). If the value differs, assume a different file—re-download or compare sizes and paths before blaming the hash tool.

File

?

Reads the file once in your browser, then computes CRC-32, MD5, and SHA family digests. Nothing is uploaded—suitable for release artifacts and download verification.

MD5 and SHA-1 are legacy; prefer SHA-256 or SHA-512 for integrity checks when peers agree on the algorithm.

or pick a file below

or drag and drop here · max ~80 MB

Nearby workflows on Toolcore

  • Encrypt & decryptfor pasted text digests or HMAC tabs instead of whole files.
  • CRC-32 / CRC32Cwhen wire formats specify a polynomial checksum instead of SHA.
  • SRI integrityto turn a digest into a script integrity attribute.

Common use cases

  • Verify an installer or archive against a SHA-256 or SHA-512 published on a release page.
  • Confirm two copies of an asset match after sync, email, or USB transfer.
  • Produce MD5 or CRC-32 when a legacy pipeline or device still expects those digests.
  • Spot-check container layers or build artifacts against CI logs before you promote an image tag.

Common mistakes to avoid

  • Expecting the same digest from different tools with different normalization

    Line endings and Unicode normalization can change bytes. Always compare digests on the exact file bytes you intend to ship.

  • Using MD5 or SHA-1 for security-sensitive integrity

    Prefer SHA-256 or SHA-512 for new workflows; older algorithms remain for compatibility checks only.

  • Comparing digests after editing metadata or thumbnails

    Re-encode or re-save operations change bytes. Hash the final artifact you distribute.

FAQ

Is my file uploaded?

No. The file is read with FileReader and digested with Web Crypto or fallbacks entirely in your browser.

Which digest should I publish for downloads?

SHA-256 is widely supported and a good default. Use SHA-512 when your policy asks for a wider hash, and keep the same algorithm when you verify.

How does this relate to the crypto workspace?

The crypto tool hashes pasted text; this page hashes whole files. Use whichever matches your input.

Very large files feel slow or the tab warns about memory—what now?

The browser loads the whole file into memory for hashing. Use a desktop checksum utility or split workflows for multi-gigabyte artifacts; this page targets typical release-sized binaries.

Common search terms

Phrases people search for that match this tool. See the full long-tail keyword index.

  • file checksum sha256 online
  • calculate md5 of file in browser
  • verify download hash locally
  • crc32 file checksum free

More tools

Related utilities you can open in another tab—mostly client-side.