Title: Hash a file and validate hashcodes in Python

[This program lets you hash files and verify a file's hash in Python]

A hashing function takes a piece of data (like a file), chops it into hash, and uses the result to create a concise "fingerprint" for the data. Later, you can rehash the file and compare the hash value to the original value to see if the file has been modified.

A small change to the data should also lead to a big change in the hashcode. To be effective, it should be easy to calculate a hash value from a piece of data but it should be very hard to create data from scratch that has a particular hashcode. That way a bad guy cannot modify the data and then make a few extra changes to make the hashcode match its original value. If the data has been tampered with, you'll know.

The following sections explain how you can use the hashlib library to calculate hashcodes and how to use them.

Hashing Files

The following hash_file function returns a file's hashcode.

import hashlib def hash_file(filename, algorithm='sha256'): '''Return the file's hash.''' hash = hashlib.new(algorithm) with open(filename, 'r') as f: while chunk := f.read(8 * 1024): hash.update(chunk.encode()) return hash.hexdigest()

The function first creates a new hashing object. The algorithm parameter indicates the hashing algorithm that you want to use. That parameter defaults to the SHA256 algorithm, which is pretty good for hashing files and documents.

The code then opens the file and reads it in chunks and calls the hashing object's update method to add the chunks to the hash. Note that the update method expects its data to be bytes not a string, so the code calls encode to convert the string into a sequence of bytes before processing it.

After it has updated the hashing object with all of the file's contents, the function returns the final hashcode. A typical hashcode might look like this:

92bde3333047b43ea54050ffdef0f756e3524ce0478718e75aa942a9ea0d44dd

Using Hashcodes

To use a hashcode, you first hash a file or other piece of data and save the hashcode somewhere. You'll probably want to save it in a file or password-protected database because a hashcode like the one above would be pretty hard to memorize.

Laster, when you want to see if the file has been modified, you hash it again and compare the results to the saved hashcode.

A typical scenario might be when you download a file and you want to make sure it hasn't changed. Sometimes websites also post hashcodes of their files so you can verify that the file you downloaded matches the posted hashcode.

To use the example program, click the ellipsis button to select a file. When you do, the program uses the hash_file function to calculate and display the file's hashcode.

Next, click Save to save the hashcode into a file. Click Compare to compare the file's hashcode to one saved in a file.

To try the program out, follow these steps:

Use the example program to open a file and save its hashcode into a file.
Make a copy of the file, open it, and use the Compare button to verify that its hashcode matches the one in the file.
Make a small change to the file (a single character will do), open it again, and use the Compare button to see that the new hashcode does not match the original value. That lets you know that the file has been changed.

Hashcode Code

Now that you know what hashcodes are and how to calculate them, it's time to look at the rest of the example's code. When you click the ellipsis button, the following code executes.

def file_button_clicked(self): '''Let the user select a file name.''' filename = askopenfilename(filetypes=[('All Files', '*.*')]) if len(filename) > 0: # Display the file name, self.file_entry.config(state='normal') self.file_var.set(filename) self.file_entry.config(state='readonly') # Calcuate and display the file's hash value. self.hash_entry.config(state='normal') self.hash_var.set(hash_file(self.file_var.get())) self.hash_entry.config(state='readonly')

This code lets you select a file. If you pick a file and click OK, the program displays the file's name. It then uses the hash_file function to hash the file and displays the result.

If you click the Save button, the following code executes.

def save_button_clicked(self): '''Let the user save the hash.''' filename = asksaveasfilename(filetypes=[('Hash Files', '*.hash')], defaultextension='*.hash') if len(filename) > 0: try: with open(filename, 'w') as file: file.write(self.hash_var.get()) except Exception as e: messagebox.showerror('Error', e)

This code lets you pick a file for saving and then writes the hashcode into it.

Finally, if you click the Compare button, the following code executes.

def compare_button_clicked(self): '''Compare the hash code to one saved in a file.''' filename = askopenfilename(filetypes=[('Hash Files', '*.hash')], defaultextension='*.hash') if len(filename) > 0: try: with open(filename, 'r') as file: hash = file.read().strip() if hash == self.hash_var.get(): messagebox.showinfo('Match', 'The new hash matches the saved hash file.') else: messagebox.showinfo('No Match', 'The new hash does not match the saved hash file.') except Exception as e: messagebox.showerror('Error', e)

This code lets you select the hashcode file. It reads the file, compares its contents to the current hashcode, and displays an appropriate message.

That's all there is to it!

Conclusion

Hashcodes let you know if a piece of data like a file has been modified. When you download important software from a site that posts its hashcode, you can verify that the file you download has the correct code. That way if a nefarious hacker swapped the software with some other file, you'll know. Of course if the hacker also broke into the webpage and swapped the hashcode, too, you're back to square one.

Download the example to experiment with it and to see additional details.