File Hashing Is Built Into Windows

Note: This post was updated on 08/08/2021 to include instructions for PowerShell.

I always used to download the md5sum.exe and sha1sum.exe files when I needed to generate a file’s hash in Windows.

I just discovered that certutil.exe, included with Windows 7 and Windows Server 2008 R2 (and later), will do this for you (I’m not sure if it was included in earlier versions of Windows).

Hashing with cmd.exe

Just use the following commands in a cmd.exe shell to generate the appropriate hash:

  • MD5:   certutil -hashfile C:\Windows\notepad.exe MD5
  • SHA-1:   certutil -hashfile C:\Windows\notepad.exe SHA1
  • SHA-256: certutil -hashfile C:\Windows\notepad.exe SHA256
  • SHA-512: certutil -hashfile C:\Windows\notepad.exe SHA512

Note that it defaults to SHA-1 if you do not specify a hashing algorithm.

Also note that in Windows 10 (and possibly earlier), the MD2, MD4, MD5, SHA1, SHA256, SHA384, SHA512values are all valid for the algorithm parameter.

Hashing with PowerShell

To get similar functionality in PowerShell, use the following command.

Get-FileHash -Algorithm <algorithm> -Path <filename>

For example, to get Notepad’s SHA-256 hash, you would run the following:

Get-FileHash -Algorithm SHA256 -Path C:\Windows\notepad.exe