Hashing Files on the Windows Command Line
Mike
Part of my modular PowerShell setup series and the ongoing saga of lost awesome software tools.
🧰 The Setup
If you’ve ever right-clicked a file in Windows expecting a “Generate Hash” option only to find... nothing — you’re not alone. I used to have a perfect little portable tool with shell integration for hashing. But one day, it vanished from my C:\Portables directory. Instead of chasing it down, I found myself diving back into old-school command-line tools and realized a lot can still be done with built-ins like certutil.
This post is about:
Wrapping a simple hashing utility in PowerShell
Understanding how and why hashing works
Kicking off a few side quests around crypto, profiles, and home-labbing
⚙️ The Classic CMD One-liner
echo|set /p="foobar" > %TMP%\hash.txt | certutil -hashfile %TMP%\hash.txt SHA256 | findstr /v "hash"
This hashes the string foobar using SHA256 without appending a newline. That’s crucial. Using echo "foobar" would hash foobar\n, which is a different hash.
🧪 Step-by-step (explained)
| Component | Explanation |
echo | set /p="foobar"` |
> %TMP%\hash.txt | Writes the string to a temp file. |
certutil -hashfile file SHA256 | Uses Windows’ built-in tool to hash the file. |
findstr /v "hash" | Filters out extra output, leaving just the hash line. |
Supported algorithms:
MD2,MD4,MD5SHA1,SHA256,SHA384,SHA512
🧱 PowerShell Wrapper: Hash-String
Put this in ~\Documents\PowerShell\PSProfile.d\hash.ps1:
powershellCopyEditfunction Hash-String {
param (
[Parameter(Mandatory)]
[string]$InputString,
[ValidateSet("MD5", "SHA1", "SHA256", "SHA384", "SHA512")]
[string]$Algorithm = "SHA256"
)
$tmpFile = [System.IO.Path]::GetTempFileName()
[System.IO.File]::WriteAllText($tmpFile, $InputString)
certutil -hashfile $tmpFile $Algorithm |
Where-Object { $_ -notmatch "hash of|certutil" }
Remove-Item $tmpFile
}
Usage:
powershellCopyEditHash-String -InputString "foobar" -Algorithm SHA256
🧬 Why Hashes Matter
✅ Verify downloads with SHA256 hashes
✅ Secure passwords with irreversible hashing
✅ Digital signatures & TLS/SSL
✅ Git, blockchains, Merkle Trees... it's all hashes.
Hashes are the checksum of our digital lives.
🗂 Modular Profiles with PSProfile.d
Like /etc/profile.d on Linux, I’m modularizing my Windows shell setup:
powershellCopyEdit# In $PROFILE
Get-ChildItem "$HOME\Documents\PowerShell\PSProfile.d" -Filter *.ps1 |
ForEach-Object { . $_.FullName }
Drop your tools in PSProfile.d and you’ve got a portable, composable shell setup.
🏗 Side Quest: Active Directory, Certs & More
Working with certutil reminded me I really should stand up a Windows Server 2019 VM inside my Proxmox cluster and finally add a domain controller to my home network.
Why?
Local DNS, SSO, and central auth
Experiment with GPOs and PKI
Self-signed internal CA to play with smartcards or TLS
🔮 Teaser: SHA-3 and the Weird Math
Everyone knows about MD5 and SHA-2. But SHA-3 (based on Keccak) is something else entirely — a "sponge function" that's mathematically quite different. I'm planning a whole future post on it once I get my head around the math and its growing role in post-quantum cryptography and hardware implementations.
🧩 TL;DR
Hash files or strings in Windows using
certutilPowerShell makes it portable and repeatable
Modular shell setups are 🔥
Hashes underpin almost all of modern digital life
And this is just the beginning...
Got feedback? Need a GUI hash tool or want to explore digital signatures or SHA-3 next? Let me know. I’m building out a full FOSS-friendly workflow for Windows, Linux, and hybrid setups.
Subscribe to my newsletter
Read articles from Mike directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by