# Hashing Files on the Windows Command Line --- > *Part of my modular PowerShell setup series and the ongoing saga of lost awesome software tools.* --- ### 🧰 The Setup If you’ve ever right-clicked a file in Windows expecting a “Generate Hash” option only to find... nothing — you’re not alone. I used to have a perfect little portable tool with shell integration for hashing. But one day, it vanished from my `C:\Portables` directory. Instead of chasing it down, I found myself diving back into old-school command-line tools and realized a lot can still be done with built-ins like `certutil`. This post is about: * Wrapping a simple hashing utility in PowerShell * Understanding how and why hashing works * Kicking off a few side quests around crypto, profiles, and home-labbing --- ### ⚙️ The Classic CMD One-liner ```plaintext echo|set /p="foobar" > %TMP%\hash.txt | certutil -hashfile %TMP%\hash.txt SHA256 | findstr /v "hash" ``` This hashes the string `foobar` using SHA256 **without appending a newline**. That’s crucial. Using `echo "foobar"` would hash `foobar\n`, which is a different hash. --- ### 🧪 Step-by-step (explained) | Component | Explanation | | --- | --- | | `echo` | set /p="foobar"\` | | `> %TMP%\hash.txt` | Writes the string to a temp file. | | `certutil -hashfile file SHA256` | Uses Windows’ built-in tool to hash the file. | | `findstr /v "hash"` | Filters out extra output, leaving just the hash line. | Supported algorithms: * `MD2`, `MD4`, `MD5` * `SHA1`, `SHA256`, `SHA384`, `SHA512` --- ### 🧱 PowerShell Wrapper: Hash-String Put this in `~\Documents\PowerShell\PSProfile.d\hash.ps1`: ```plaintext powershellCopyEditfunction Hash-String { param ( [Parameter(Mandatory)] [string]$InputString, [ValidateSet("MD5", "SHA1", "SHA256", "SHA384", "SHA512")] [string]$Algorithm = "SHA256" ) $tmpFile = [System.IO.Path]::GetTempFileName() [System.IO.File]::WriteAllText($tmpFile, $InputString) certutil -hashfile $tmpFile $Algorithm | Where-Object { $_ -notmatch "hash of|certutil" } Remove-Item $tmpFile } ``` Usage: ```plaintext powershellCopyEditHash-String -InputString "foobar" -Algorithm SHA256 ``` --- ### 🧬 Why Hashes Matter * ✅ **Verify downloads** with SHA256 hashes * ✅ **Secure passwords** with irreversible hashing * ✅ **Digital signatures & TLS/SSL** * ✅ **Git, blockchains, Merkle Trees**... it's all hashes. Hashes are the checksum of our digital lives. --- ### 🗂 Modular Profiles with `PSProfile.d` Like `/etc/profile.d` on Linux, I’m modularizing my Windows shell setup: ```plaintext powershellCopyEdit# In $PROFILE Get-ChildItem "$HOME\Documents\PowerShell\PSProfile.d" -Filter *.ps1 | ForEach-Object { . $_.FullName } ``` Drop your tools in `PSProfile.d` and you’ve got a portable, composable shell setup. --- ### 🏗 Side Quest: Active Directory, Certs & More Working with `certutil` reminded me I really should stand up a **Windows Server 2019 VM** inside my Proxmox cluster and finally add a domain controller to my home network. Why? * Local DNS, SSO, and central auth * Experiment with GPOs and PKI * Self-signed internal CA to play with smartcards or TLS --- ### 🔮 Teaser: SHA-3 and the Weird Math Everyone knows about MD5 and SHA-2. But **SHA-3** (based on Keccak) is something else entirely — a "sponge function" that's mathematically quite different. I'm planning a whole future post on it once I get my head around the math and its growing role in post-quantum cryptography and hardware implementations. --- ### 🧩 TL;DR * Hash files or strings in Windows using `certutil` * PowerShell makes it portable and repeatable * Modular shell setups are 🔥 * Hashes underpin almost all of modern digital life * And this is just the beginning... --- Got feedback? Need a GUI hash tool or want to explore digital signatures or SHA-3 next? Let me know. I’m building out a full FOSS-friendly workflow for Windows, Linux, and hybrid setups.