Get File Hash Checksum (MD5, SHA-256) via Right-click Menu

Do you need to compare two files or make sure a file has not changed? The PowerShell cmdlet Get-FileHash generates hash values both for files or streams of data. A hash is simply a function that converts one value into another. Sometimes the hash value may be smaller to save on space, or the hash value may be a checksum used to validate a file.

How to Use the Get-FileHash PowerShell Cmdlet

Boost your career with the AWS Certified Solutions Architect certification. Get a FREE prep guide: deep dive into exam domains, preparation tips, and valuable resources. Download.

Table of Contents

Do you need to compare two files or make sure a file has not changed? The PowerShell cmdlet Get-FileHash generates hash values both for files or streams of data. A hash is simply a function that converts one value into another. Sometimes the hash value may be smaller to save on space, or the hash value may be a checksum used to validate a file.

Not a reader? Watch this related video tutorial!

Not seeing the video? Make sure your ad blocker is disabled.

In this article, you will learn several ways to use Get-FileHash as well as more details on hashing background and security best practices!

Prerequisites

Any version of PowerShell greater than 4, which includes both Windows PowerShell and PowerShell Core.

What is a Hash?

What if you can create a simple value that represents a bit of data or file? A hash value or digital signature allows you to compare two sets of data. Hashes are considered consistent and functional because the same input will always create the same output.

Therefore a hash will be different if even a single character in the input is changed. Hashes are computed using a specific hashing algorithm, the method of computing the hash value.

Each hashing algorithm has specific situations that it is well suited for. Often there is a tradeoff between speed and security. An algorithm such as MD5 is fast, but with less complex hash values. On the other hand, SHA512 generates more complex hashes but is slower overall.

For security measures, MD5 is typically not recommended. Instead, try to use SHA512.

One important use of hashing is for signing data. Sometimes, two different inputs will produce the same output hash. This is called a hash collision. When anyone can predictably create hashing collisions for a specific algorithm, that algorithm becomes considered less secure or “broken”.

PowerShell’s Get-FileHash cmdlet supports a variety of algorithms as listed below.

• PowerShell Core (version 6 and 7): MD5 , SHA1 , SHA256 , SHA384 , and SHA512
• Windows PowerShell (version 4 through 5.1): MACTripleDES , MD5 , RIPEMD160 , SHA1 , SHA256 , SHA384 , and SHA512

Computing a Hash Value for a Single File

To become familiar with the Get-FileHash cmdlet, pass a single file to the command, as seen in the below example.

Get-FileHash C:\Windows\write.exe

Get-FileHash will output the algorithm used, the hash value of the file, and the full path of the file that you specified, as shown below. The default value is SHA256 for all versions of PowerShell, if no other algorithm is specified.

Computing the hash value of a single file.

Computing Hash Values for Files in a Directory

To generate hash values for every file in a directory, use wildcards ( * ) in the Path parameter. You may notice that no algorithm is specified.

Copy the command below and run from the root C:\ directory to generate SHA256 hash values for all executables in the C:\Windows directory.

# The example below computes the hashes relative to the current directory # notated by the "." before the "\". Get-FileHash .\Windows\*.exe

Compute hash values for all executables in the C:\\Windows directory.

Recursively Generate Hash Values for All Files

To hash all files in a directory and its sub-directories, recursively list items via Get-ChildItem and pass the results to Get-FileHash . Although you are able to use the wildcard character with Get-FileHash this does not recursively traverse each sub-directory.

Get-ChildItem -Path C:\py* -Recurse -Filter *.exe | Get-FileHash

Recursively generating executable file hashes from all directories and sub-directories.

Adding a File Hash to Get-ChildItem Output via a Calculated Property

Get-FileHash by itself has limited output. When used in conjunction with Get-ChildItem many file properties are lost in the output. To keep the file information, create a calculated property to dynamically add the file hash.

The example below reads the windows-version.txt example file, selects only the Name and Length property from the Get-ChildItem output, and adds the Hash calculated property.

Select-Object uses a hashtable to create a calculated property. Define a "Name" and an "Expression", which operates on the current object in the pipeline. Get-ChildItem .\windows-version.txt | Select-Object -Property Name,Length, @>

Adding the file hash via a calculated property to the output of Get-ChildItem .

Comparing All Files in Two Directories Using Hashes

Suppose you have two folders and need to find which files are different. You can compare all files in these folders by generating a hash with Get-FileHash for each file and then comparing them.

Building on what you have learned with calculated properties and Get-FileHash , the cmdlet Compare-Object compares the computed hash for each file and outputs any differences.

First, retrieve a set of executable files and computed hashes for use with Compare-Object .

# Retrieve all executables directly located within the C:\Windows directory and compute a hash value for each. $WindowsExesOnly = Get-ChildItem C:\Windows\*.exe | Select-Object -Property *, @> # Retrieve all executables located in any directory from the C:\ drive, but not recursively, and compute a hash value for each. $SecondLevelExes = Get-ChildItem C:\*\*.exe | Select-Object -Property *, @>

Next, supply the resulting file object arrays, $WindowsExesOnly and $SecondLevelExes , to Compare-Object using the ReferenceObject and DifferenceObject parameters. Run the following code and pass both the Name and Hash properties for comparison to Compare-Object . Using both the Name and Hash properties allows for identical files but with different file names.

Compare-Object -Ref $WindowsExesOnly -Dif $SecondLevelExes -Property Name,Hash 

The Compare-Object output shows the SideIndicator property, which indicates which array the non-identical files exist in. As shown below, six unique files are located in the $SecondLevelExes array.

Using Compare-Object to retrieve unique executables compared across directories.

What if you wanted to see the file length for the unique files? With the PassThru parameter, the original properties are carried through the pipeline with the SideIndicator property added to the original object.

Compare-Object -Ref $WindowsExesOnly -Dif $SecondLevelExes -Property Name,Hash -PassThru | Select-Object SideIndicator,Name,Hash,Length 

Including all properties, such as Length , with the compared objects.

Generate a Hash Value From a Stream of Data

So far you’ve learned how to find a file’s hash but Get-FileHash can do you one better. It can also get a hash of data that isn’t stored in a file, a stream of data.

Keep in mind that any difference, even an extra newline character, would cause the hash to change. One method to avoid any hashing issues is by converting the data to a stream of data that is passed to Get-FileHash via the InputStream parameter, as shown below.

Create an in-memory stream of data with the [System.IO.MemoryStream] constructor. Retrieve the bytes of a string using the [System.Text.Encoding]::ASCII static method. $String = "Hello World" Get-FileHash -InputStream ([System.IO.MemoryStream]::New([System.Text.Encoding]::ASCII.GetBytes($String)))

Viewing the resulting hash from a stream of data.

In fact, you can turn any series of bytes into a MemoryStream , a series of data stored in RAM, for Get-FileHash to generate a hash from, not just strings!

Calculating the Hash of a File Split Into Multiple Files (Chunked Data)

Suppose you have a large 5TB backup file and the resulting hash value to validate the file. Due to the size, the file was split into 100GB blocks of chunked data for storage flexibility.

One potential way to validate the original file is to combine all 100GB files together and verify the hash of the resulting file. Of course, 5TB is a lot of disk space!

Instead, you can combine individual file hash values. By combining the hash values, you skip the disk space-consuming step of combining the files. See the below code for an example of how to stream the chunked data into a combined hash value.

# First, create a hash algorithm object using SHA256. $Algorithm = [System.Security.Cryptography.HashAlgorithm]::Create("SHA256") # Next, create a cryptographic stream of data using the SHA256 hash algorithm. $CryptoStream = [System.Security.Cryptography.CryptoStream]::new( ([System.IO.Stream]::Null), $Algorithm, "Write" ) # Retrieve each file and copy the data into the cryptographic stream. foreach ($File in Get-ChildItem -File) < $FileStream = [io.file]::OpenRead($File.FullName) $FileStream.CopyTo($CryptoStream) ># Close all files and close out the cryptographic stream. $FileStream.Close() $CryptoStream.FlushFinalBlock() # Combine all of the hashes as hexadecimal formats "X2" and join the values. ($Algorithm.Hash | ForEach-Object ) -join ''

Aside: Understanding Chunking and Streaming of Files

It’s not necessary to understand all the ins-and-outs of chunking and streaming data to compute file hashes, but really learn exactly how this all works!

To illustrate the nature of this chunking and streaming, imagine that your source file contains the values of 1 and 2 . In between each number, is a Windows newline ( \r\n ) as represented in the hex editor shown below.

Viewing the source file in a hex editor.

This source file has been split into two files with the content 1 and 2 in them respectively. Viewing each file in a hex viewer shows that each file is three bytes with a number and the Windows newline.

Viewing the chunked parts in a hex editor.

As shown below, the source file hash and the hash of these two chunked files match.

Demonstrating that the original source file hash matches the cryptographic stream hash.

It is important that you ensure your input file’s order matches the order of bytes in the source file in order to get the same hash. Notice that if you change the ordering of the input files with Sort-Object then the hash changes completely.

Changing the order of input files changes the output hash.

Armed with this knowledge, you can get that 5TB file hashed in almost no time at all!

Next Steps

In this article, you’ve learned how to use the Get-FileHash cmdlet in PowerShell. You’ve also learned about the nature of hashing, secure hashing requirements, and best practices to help you pick the right algorithm for your needs.

Armed with this knowledge, you’ll be able to thoroughly identify changes to data, even when only a single character is changed!

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Get File Hash Checksum (MD5, SHA-256) via Right-click Menu

Hashing means taking an input string of any length and giving out an output of a fixed length. Using the cryptographic hashing algorithm — e.g., MD5, SHA-256, SHA-384, you can verify if two files are identical or not. The checksum is a hash value used for performing data integrity checks on files. It’s a kind of signature for a file.

When you download large files from the internet such as the Windows 10 ISO images, there are chances that the file gets corrupt or a few bits lost due to inconsistent connection or other factors. Hash verification is the best way to compare the two hashes – source file on a website or server versus the downloaded copy.

Many software vendors put up the hash for file downloads on their site. You might have seen in torrent sites that a hash value usually accompanies the download link.

Also, the hash checksum comparison is an excellent way to identify duplicate files in a computer or compare two folders.

In this article, let’s see how to get the cryptographic hash using MD5, SHA-256, SHA-384 algorithms using various methods, and how to integrate the functionality into the context menu.

How to get file hash checksum in Windows

1. Using PowerShell (built-in to Windows)
2. Using Certutil.exe (built-in to Windows)
3. Using HashMyFiles
4. Using 7-Zip
5. Using HashTools

Get File Hash Checksum via the Right-click Menu in Windows

Using PowerShell

Using Windows PowerShell ( powershell.exe ), you can quickly get the file hash with a single command-line. Here is the command-line example:

get-filehash -path "C:\Users\ramesh\Desktop\reinstall-preinstalledApps.zip" | format-list

This outputs the file hash (by default, it uses the SHA256 algorithm) as shown below:

Algorithm : SHA256 Hash : 3A0F056494EB1C0257FCDB59F9F93811962D4F796AD2596EC6FF1CDF8D365470 Path : C:\Users\ramesh\Desktop\reinstall-preinstalledApps.zip

To use any other algorithm — e.g., SHA384, you can add the -Algorithm SHA384 parameter to the above command-line.

get-filehash -path "C:\Users\ramesh\Desktop\reinstall-preinstalledApps.zip" -Algorithm SHA384 | format-list

• SHA1
• SHA256
• SHA384
• SHA512
• MD5

Copy to the clipboard

To copy the output to the clipboard, pipe the output to the clip command, as below:

get-filehash -path "C:\Users\ramesh\Desktop\reinstall-preinstalledApps.zip" | format-list | clip

Integrate the command to the right-click menu

To add the PowerShell command to the right-click menu for files, here is a .reg file:

Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Classes\*\shell\gethash] @="Get File Hash" [HKEY_CURRENT_USER\Software\Classes\*\shell\gethash\command] @="powershell -WindowStyle Minimized -command get-filehash -literalpath '%1' -algorithm SHA256 | fl | clip"

• Copy the above lines to Notepad and make a .reg file. For more information, see the article How to create and use .reg files.
• Double-click the .reg file to apply the contents to the registry.
• Now, right-click on a file and click Get File Hash command in the context menu.

The command launches PowerShell, which in turn generates the file hash and copies it to the clipboard automatically.

To remove the context menu option you added, use this undo .reg file

Windows Registry Editor Version 5.00 [-HKEY_CURRENT_USER\Software\Classes\*\shell\gethash]

Using Certutil.exe with VBScript

Certutil.exe is a built-in command-line program that is installed as part of Certificate Services. You can use Certutil.exe to compute file checksum using various hashing algorithms. The following command-line syntax is to be used to calculate the SHA256 checksum of a file using Certutil.exe from a Command Prompt window.

certutil.exe -hashfile file_name SHA256

1. Copy the following VBScript code to Notepad.
2. Save the file with .vbs extension – e.g., get-hash-certutil.vbs in a permanent folder.

'Get File hash via the right-click menu 'SHA256 hash for the file is copied to the clipboard automatically 'Created: June 4, 2019 by Ramesh Srinivasan - winhelponline.com Option Explicit Dim WshShell, sOut, sFileName, sCmd, oExec, strInput Set WshShell = WScript.CreateObject("WScript.Shell") If WScript.Arguments.Count = 0 Then strInput = InputBox("Type ADD to add the Get File Hash context menu item, or REMOVE to remove the item", "ADD") If ucase(strInput) = "ADD" Then sCmd = "wscript.exe " & chr(34) & WScript.ScriptFullName & Chr(34) & " " & """" & "%1" & """" WshShell.RegWrite "HKCU\Software\Classes\*\shell\gethash\", "Get File Hash", "REG_SZ" WshShell.RegWrite "HKCU\Software\Classes\*\shell\gethash\command\", sCmd, "REG_SZ" WScript.Quit ElseIf ucase(strInput) = "REMOVE" Then sCmd = "reg.exe delete HKCU\Software\Classes\*\shell\gethash" & " /f" WshShell.Run sCmd, 0 WScript.Quit End If Else sFileName = """" & WScript.Arguments(0) & """" sCmd = "cmd.exe /c certutil.exe -hashfile " & sFileName & " SHA256" & _ " | findstr /v " & chr(34) & "completed successfully" & Chr(34) & " | clip" WshShell.Run sCmd, 0 End If

It adds the Get File Hash command in the context menu.

Clicking on the menu item computes the SHA256 hash and copies it to the Clipboard automatically.

Open Notepad and paste the file hash stored in the clipboard.

Note: To remove the context menu entry, double-click the file to run it. Then, type REMOVE and click OK.

The above script uses the built-in certutil.exe to generate file hash, by running the command and redirecting its output to the clipboard using Clip.exe :

certutil -hashfile file_name SHA256

This is how the output will look like when running it from Command Prompt.

Certutil.exe supports the MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512 hashing algorithms.

Another way to get the file hash via context menu is by using a third-party utility like HashMyFiles.

HashMyFiles utility from NirSoft

HashMyFiles is small utility from Nirsoft that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/HTML/XML file. HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5, SHA256, SHA384, SHA512 hashes of the selected file or folder.

From the Options menu, click Enable Explorer Context Menu option to enable it. It adds the HashMyFiles option to the context menu for files and folders.

Download HashMyFiles from Nirsoft.net

Using 7-Zip

The popular compression utility 7-Zip has a feature that can compute the CRC or SHA checksums via the right-click menu. 7-Zip is a widely used software and it’s most likely that you may have installed it on your computer.

In 7-Zip setup doesn’t enable the option already, you can turn it on by clicking the Tools menu, clicking Options and enabling the CRC SHA > option under the Context menu items: listing. Click OK to save your setting.

Then, all you need to do is right-click on a file, click CRC SHA and then select a hashing algorithm such as CRC-32, CRC-64, SHA-1, SHA-256 from the sub-menu. To select all of the above hashing algorithms (and BLAKE2 algorithm in addition), click the asterisk (*) option.

The checksum information is presented in a separate dialog.

You can select the items and press Ctrl + C on your keyboard to copy it to the clipboard.

Using HashTools from Binary Fortress

HashTools by Binary Fortress Software computes and checks hashes with just one click! Supports CRC32, MD5, SHA1, SHA256, SHA384, SHA512 and SFV’s, as well as integration into the Windows Explorer context menu for one-click access.

Install HashTools or run the portable edition or the tool. Click on the Options button shown with the gears icon, and click Add to Windows Context Menus.

Right-click on a file or a set of files, and click Hash with HashTools in the context menu.

This launches the HashTools program and adds the selected file(s) to the list. Next, click on a hashing algorithm (e.g., CRC, MD5, SHA1, SHA256, etc) to generate the hash checksum for the files.

Do you know any other tool or method to calculate file hash? Let’s know in the Comments section below.

One small request: If you liked this post, please share this?

• Pin it!
• Share it to your favorite blog + Facebook, Reddit
• Tweet it!