sha512sum — Hash a file with SHA-512 in bash, zsh, fish, PowerShell, and cmd across all 5 shells
Equivalents in every shell
sha512sum file.binGNU coreutils binary. Output `<128-hex>␣␣<filename>` — 128-char lowercase hex (twice the width of SHA-256). Same flags as `sha256sum`: `-c` for manifest verification, `--tag` for BSD-style output, `--check --quiet` for CI-friendly verification. SHA-512 is part of the SHA-2 family — currently considered cryptographically sound for all uses including digital signatures.
sha512sum file.binExternal GNU binary on Linux. macOS does NOT ship `sha512sum` (BSD base OS lacks it) — use `shasum -a 512 file.bin` (Perl, bit-compatible 128-hex output) or `brew install coreutils` for `gsha512sum`.
sha512sum file.binSame external. Common idiom: `set -l h (sha512sum file.bin | cut -d' ' -f1)` for just-the-hash. SHA-512 manifest files are sometimes preferred for git-LFS / archival deduplication where collision resistance is paramount; fish's `string` builtin makes manifest-parsing cleaner than bash's `cut`+`awk` chain.
Get-FileHash file.bin -Algorithm SHA512Same `FileHashInfo` shape — `Hash` is 128-char UPPERCASE. On 64-bit CPUs WITHOUT SHA-NI crypto extensions (most x86_64 chips before 2017, ARM before crypto-extension), SHA-512 is faster than SHA-256 because its block size (1024-bit) maps better to 64-bit arithmetic. On hardware-accelerated chips, SHA-256 is the same speed or faster.
certutil -hashfile file.bin SHA5123-line verbose output. Built into Windows since Vista. The hex output is 128 chars long — older Win10 versions inserted spaces every 4 hex chars for readability (e.g. `1234 5678 9abc ...`); parse with `findstr` + `tokens=*` then `set "x=%i" & set "x=%x: =%"` to strip spaces. Recent Win11 builds emit unbroken hex.
Worked examples
Hash a file and store the hash in a manifest file
sha512sum file.bin > file.bin.sha512(Get-FileHash file.bin -Algorithm SHA512).Hash.ToLower() | Out-File file.bin.sha512Verify a release archive against vendor-provided SHA-512 (the modern best-practice for downloads)
sha512sum -c release.tar.gz.sha512if ((Get-FileHash release.tar.gz -Algorithm SHA512).Hash -eq (Get-Content release.tar.gz.sha512 -Raw).Trim().ToUpper()) { "OK" } else { "MISMATCH" }Hash multiple files in parallel (much faster than sequential on large file sets)
find . -type f -print0 | xargs -0 -P "$(nproc)" -n 1 sha512sum > SHA512SUMSGet-ChildItem -Recurse -File | ForEach-Object -Parallel { (Get-FileHash $_ -Algorithm SHA512).Hash + " " + $_.FullName } -ThrottleLimit ([Environment]::ProcessorCount)Gotchas
- SHA-512 output is 128 hex chars — twice as long as SHA-256's 64. Some manifest formats (older Yum repodata, older PyPI hashes) have field-length assumptions baked in and silently truncate SHA-512 to 64 chars, producing a non-verifiable hash. Always test verification round-trip on a known-good file when adopting SHA-512 in tooling.
- **Speed depends on hardware.** On x86_64 with SHA-NI (Intel Goldmont/Tiger Lake and later, AMD Zen and later), SHA-256 has hardware acceleration but SHA-512 does NOT — SHA-256 wins. On older x86_64 / ARM WITHOUT SHA extensions, SHA-512's 64-bit-friendly block size makes it faster than SHA-256. For multi-GB files on modern hardware, prefer SHA-256; for archival on older / cross-arch systems, SHA-512 may be faster.
- Trailing-newline trap applies — `echo "x" | sha512sum` ≠ `printf x | sha512sum`. Use `printf` for deterministic string hashing.
- pwsh emits UPPERCASE 128-char hex; `sha512sum` emits lowercase. Normalize when comparing across the OS divide.
- SHA-512/224 and SHA-512/256 are TRUNCATED variants (FIPS 180-4) producing 224 / 256-bit hashes from the SHA-512 internal state — NOT the same as SHA-256 (the algorithms have different IVs). Few tools support them by name. `shasum -a 512256` does; `sha256sum` does not (`sha256sum` only emits SHA-256, period). Don't confuse a 64-char hex output from `shasum -a 512256` with one from `sha256sum` — they're different cryptographic values.