Skip to content
shellmap

md5sumHash a file with MD5 in bash, zsh, fish, PowerShell, and cmd (integrity-only — not for security) across all 5 shells

Equivalents in every shell

Bashunix
md5sum file.bin

GNU coreutils binary. Output `<32-hex>␣␣<filename>`, lowercase. `--check` / `-c manifest.md5` verifies hashes. `--tag` switches to BSD-style output (`MD5 (file.bin) = <hex>`) — compatible with macOS `md5` and `openssl dgst`. **MD5 is cryptographically broken** (collision attacks since 2008) — use SHA-256+ for any security purpose; MD5 remains acceptable ONLY for cache keys, network deduplication, or non-adversarial integrity checks.

Zshunix
md5sum file.bin

Linux uses external `md5sum` from coreutils. macOS DOES NOT ship `md5sum` — instead it ships BSD `md5` (different name, BSD-format output `MD5 (file.bin) = <hex>`). For cross-OS scripts: `md5sum 2>/dev/null || md5 -r` (BSD `md5 -r` mimics the GNU `<hash> <file>` format).

Fishunix
md5sum file.bin

Same external binary on Linux; on macOS use `md5 -r file.bin` (BSD md5 with reverse output for GNU-compatible layout). Fish has no shell builtin. `set -l md (md5sum file.bin | string split " ")[1]` extracts just the hash into a local variable.

PowerShellwindows
Get-FileHash file.bin -Algorithm MD5

`-Algorithm MD5` returns the same `FileHashInfo` object as SHA-256 with UPPERCASE hex. **pwsh emits no deprecation warning** despite MD5 being cryptographically broken — the cmdlet treats MD5 as a legitimate algorithm choice. Use for compatibility with old Windows tools (.NET assembly hashes, NTFS file dedup hashes, Internet Explorer cache keys) but never for security verification.

cmd.exewindows
certutil -hashfile file.bin MD5

Same 3-line verbose format as the SHA-256 variant — header, hash (uppercase, sometimes space-padded), trailer. `certutil -hashfile` accepts `MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512` as algorithm strings. Built into Windows since Vista; no extra install required.

Worked examples

Hash a file and get only the hash (no filename)

Bash
md5sum file.bin | awk '{print $1}'
PowerShell
(Get-FileHash file.bin -Algorithm MD5).Hash.ToLower()
cmd.exe
for /f "skip=1 tokens=1" %i in ('certutil -hashfile file.bin MD5 ^| findstr /v ":"') do @echo %i

Verify a file against a known MD5 (e.g. checksum from a download page)

Bash
echo "abc123...  file.bin" | md5sum -c
PowerShell
if ((Get-FileHash file.bin -Algorithm MD5).Hash -eq "ABC123...".ToUpper()) { "OK" } else { "MISMATCH" }

Compute MD5 of a small string for a cache key

Bash
printf "%s" "https://api.example.com/v1/users/42" | md5sum | cut -c1-32
PowerShell
$md5 = [Security.Cryptography.MD5]::Create(); [BitConverter]::ToString($md5.ComputeHash([Text.Encoding]::UTF8.GetBytes("https://api.example.com/v1/users/42"))).Replace("-","").ToLower()

Gotchas

  • **MD5 is cryptographically broken.** Collision attacks have been practical since 2008 (Stevens et al. fabricated colliding X.509 certs); chosen-prefix attacks since 2009. NEVER use MD5 for digital signatures, password storage, or attack-resistant integrity. It remains acceptable only for cache keys, deduplication, file-corruption detection across trusted networks, or compatibility with legacy systems that hardcode MD5. Even in those cases, prefer SHA-256 if the consumer supports it.
  • macOS has NO `md5sum` — only `md5`. Worse, `md5` has DIFFERENT output formats: bare `md5 file.bin` prints `MD5 (file.bin) = <hex>` (BSD style); `md5 -q file.bin` prints just the hex; `md5 -r file.bin` prints `<hex> file.bin` (GNU-style but with a single space, not two). Scripts that parse `md5sum` output break in three different ways on macOS depending on the flag chosen — always test on macOS, or use `openssl dgst -md5` which has consistent output across OSes.
  • **Trailing-newline trap** applies as for `sha256sum`: `echo "x" | md5sum` differs from `printf x | md5sum` differs from `printf "x\n" | md5sum`. Use `printf` for deterministic string hashing across systems.
  • pwsh `Get-FileHash` and bash `md5sum` produce the same hex bytes but in DIFFERENT case — UPPERCASE vs lowercase. Comparison code must normalize: `(Get-FileHash X -Algorithm MD5).Hash.ToLower() -eq "abc123..."`.
  • MD5 fingerprints in `~/.ssh/known_hosts` use the BASE64 form `MD5:aa:bb:cc:...` — NOT the raw hex from `md5sum`. They're calculated over the wire-format DER public key, not the file. Use `ssh-keygen -lf id_ed25519.pub -E md5` to print one in the same format ssh shows. (And note ssh has used SHA-256 by default since OpenSSH 6.8, 2015.)

WSL & PowerShell Core notes

pwsh`Get-FileHash -Algorithm MD5` is identical on every pwsh platform — no install needed. Performance is similar to SHA-256 (both leverage hardware acceleration where available). The MD5 algorithm is FIPS-validated for non-security use; using MD5 on a FIPS-enforced Windows host requires an explicit registry override (`Set-ItemProperty HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy Enabled 0`) — pwsh otherwise throws `System.InvalidOperationException`.
WSLWSL `md5sum` works as on Linux; cross-system manifest verification with Windows-side tools requires normalizing UPPERCASE / lowercase. macOS users frequently hit the `md5` vs `md5sum` mismatch when reading Linux-authored READMEs — flag the OS in any `--help` text that documents MD5 verification flows.

Common tasks using md5sum

Related commands