Certutil and Get-FileHash to calculate file hash

by

In an age dominated by digital information, the security and trustworthiness of data and files are of paramount concern. One pivotal technique in this realm is the calculation of file hashes, a process that serves as a digital guardian of data integrity. File hash calculation is a multifaceted tool with several critical functions. Firstly, it acts as a means of file validation, enabling users to confidently assert the authenticity and integrity of their digital assets. Certutil and Get-FileHash are the two commands available natively in windows which can calculate hash of a file without need of any 3rd party tool.

There are various tools out there however using such tool have certain challenges with them for example users might not have permission to install such tools, the tools might have some virus/malware in them means there is risk involved in using those tools. Due to these challenges we should use inbuilt windows native commands to calculate hash of a file.

  • Certutil: This command is a part of the Windows Certificate Services. While its primary function is to work with certificates, it also offers a robust hash calculation capability. Certutil can generate hash values for files, making it a versatile tool for file integrity verification.
  • Get-FileHash: Introduced in modern Windows PowerShell, the Get-FileHash cmdlet simplifies the process of calculating file hashes. It provides an intuitive and user-friendly way to generate hash values for files directly from the command line.

Steps to calculate hash of a file using certutil and Get-FileHash command:

Step 1> Open PowerShell. Go to start and search for powershell.

Step 2> As mentioned earlier we have two option available to calculate hash of a file, Use either of the command Certutil or Get-FileHash.

certutil -hashfile (Path_to_file) [HashAlgo]


Available HashAlgo are MD4, MD5, SHA1, SHA256, SHA512. Default is SHA1

Ensure you run the command in the same directory where the file is present or ensure you specify correct file path otherwise you would face error “CertUtil: The system cannot find the file specified.”


Get-FileHash (file name) (-Algorithm MD5)

Examples:

Certutil:


Get-Filehash


In the example we are calculating hash of a file webex.exe using Get-FileHash and certutil command. Powers-shell commands are case sensitive so we need to ensure commands are typed correctly. Either Command should give the desired output.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.