哈希生成器 - MD5、SHA-1、SHA-256、SHA-384、SHA-512(文本与文件)
计算任意文本或文件的 MD5、SHA-1、SHA-256、SHA-384 和 SHA-512 十六进制摘要。SHA 通过浏览器内置的 Web Crypto API 计算——你的数据绝不离开你的设备。
粘贴要哈希的文本……
或拖入任意文件
哈希生成已完成?不妨试试这些
与哈希生成器搭配使用的精选工具。继续编辑,不丢失你的文件。
密码生成器
生成长度可达 128 个字符的高强度密码学随机密码,并实时估算熵值。
立即试用Base64 编码器 / 解码器
将任意文本或文件编码为 Base64(含 URL 安全变体),或将 Base64 解码还原为文本。UTF-8 安全。
立即试用JWT 解码器
解码 JSON Web Token,查看头部和载荷、检查过期时间。仅在本地运行——你的令牌绝不会离开浏览器。
立即试用URL 编码器 / 解码器
对 URL 组成部分或整个 URL 进行百分号编码,并可解码还原。支持 encodeURIComponent 与 encodeURI 两种模式。
立即试用JSON 美化
在浏览器中格式化、校验和压缩 JSON。可使用 2 / 4 / 8 空格缩进美化,或压缩为单行,并支持复制和下载。
立即试用文本差异比较
逐行比较两段文本。支持分栏或合并视图,可选择忽略空白和忽略大小写。
立即试用Frequently Asked Questions
SHA-1、SHA-256、SHA-384 和 SHA-512——浏览器 Web Crypto API 提供的所有算法。摘要以小写十六进制字符串显示,这正是校验和文件、软件包清单和 HMAC 工具所要求的格式。
features它们在输出长度和设计原理上有所不同。SHA-256 是用于完整性校验和大多数区块链场景的现代默认选择。SHA-384 和 SHA-512 生成更长的摘要,可抵御长度扩展攻击。SHA-1 仅为兼容旧系统而提供,但已不再被视为能够抵御碰撞攻击的安全算法。
technicalMD5 已被攻破:碰撞攻击在一台笔记本电脑上就能轻松实现,因此绝不能用于涉及安全的场景。我们有意省略它,以避免新代码继续依赖它。对于缓存键之类的非安全用途,建议使用截断到所需长度的 SHA-256。
technical两者皆可。在输入框中粘贴字符串或拖入文件即可——工具会将文件读取为二进制流并直接送入哈希 API,因此生成的摘要与 sha256sum、openssl dgst 或 PowerShell 的 Get-FileHash 完全一致。
features不能。密码学哈希是单向函数:仅凭摘要无法以任何高效方式还原出原始输入。这正是其核心所在——完整性校验、密码存储和签名都依赖于这一特性。
technical不会。Web Crypto API 在你的浏览器内完成哈希运算,因此输入内容绝不会经过网络传输。这让该工具对于密钥、私钥以及任何你不愿上传的文件都很安全。
privacy可以。将「来源」开关切换到「文本」可对粘贴的字符串计算哈希,切换到「文件」则可拖入任意文件。无论哪种方式,工具都会一次性计算 SHA-1、SHA-256、SHA-384 和 SHA-512,并让你复制其中任意一项,因此文件摘要会与 sha256sum 或 PowerShell 的 Get-FileHash 生成的结果一致。
featuresEach algorithm row (MD5, SHA-1, SHA-256, SHA-384, SHA-512) has its own Copy button next to the hex digest. The large primary button at the bottom is a shortcut for SHA-256 specifically since it's the most commonly requested value, but every other digest can be copied individually the same way.
usageYes — MD5 is shown alongside SHA-1, SHA-256, SHA-384 and SHA-512 even though the browser's built-in Web Crypto API doesn't implement MD5. The tool includes its own pure-JavaScript MD5 implementation specifically so you can match checksums against old downloads, ETags and manifests that still publish MD5 — it's included for legacy compatibility, never for anything security-sensitive.
technicalClick Clear at any time to wipe the pasted text or dropped file — the previous digests disappear immediately so you're never comparing a stale hash by accident. You can also just switch the Source toggle between Text and File; each source keeps its own input independently.
usageSwitch the Source toggle to File, drop the download (installer, ISO, archive) into the tool, and compare the SHA-256 row against the checksum published on the publisher's site — use the one-click Copy SHA-256 button to paste it straight into a comparison instead of retyping the long hex string. Because hashing runs locally via Web Crypto, the file itself never leaves your device during the check.
tipsHow Hash Generator helps you get it done
Real problems it solves every day — for businesses, creators, and everyday tasks. Find the use case that fits you and start in seconds.
下载后验证文件完整性
计算 ISO 镜像、安装程序或发布文件的 SHA-256 摘要,并与发布方提供的校验和比对,确认文件未被损坏或篡改
检测大型图库中的重复图片
对文件做哈希,即可在文件夹、NAS 共享和云盘中查找重复的照片、文档或素材,无需每次逐字节比对。
签名并验证 Webhook 负载
生成 webhook 请求体的 SHA-256 摘要,在本地集成和调试时验证 Stripe、GitHub、Shopify 和 Twilio 的 HMAC 签名
为软件发布版本生成指纹以供审计
为二进制文件、容器镜像和发布压缩包生成 SHA-512 指纹,让合规团队能够审计究竟是哪个构建版本交付给了哪位客户
生成缓存键与 ETag
对请求体、查询参数或文件内容做哈希,为 Redis、Cloudflare Workers 和 CDN 的 ETag 头生成确定性缓存键。
长期验证备份完整性
保存每月备份的 SHA-256 摘要,日后重新计算哈希,以确认长期存储介质上的关键档案没有因位衰减而悄悄损坏
校验旧下载文件的 MD5 校验和
Some older software manifests and mirror sites still only publish an MD5 checksum. Drop the file into File mode and compare against the published MD5 row — included specifically for matching those legacy listings, not for anything security-sensitive.
Password & Secret Fingerprinting for Config Audits
Paste a config value, API key or password into Text mode to get its SHA-256 fingerprint for audit logs and diff comparisons — prove two environments hold the same secret without ever exposing the secret itself, since hashing runs entirely in your browser.
Timestamp Proof for Written Work
Hash a manuscript, contract draft or design file with SHA-256 and publish or email just the digest before revealing the finished document — later you can prove the exact content existed at that time, since anyone with the file can verify it matches your published hash.
Data Migration Verification
Hash export files before and after a database or cloud migration to prove byte-for-byte fidelity — compare the SHA-256 digests of the CSV/JSON exports on both ends instead of eyeballing millions of rows.
Classroom Integrity Checks for Submitted Files
Instructors can hash a released dataset or starter-code file and ask students to report the matching digest alongside their submission, confirming nobody edited the starting material before beginning the assignment.
Verify Software Downloads and OS Images Before You Install Them
Drop a freshly downloaded installer, Linux ISO or archive into File mode and compare the SHA-256 row against the checksum the publisher lists on their official download page — this is the single most common reason people reach for a hash generator, and it catches a corrupted download or a tampered mirror before you run anything untrusted on your machine.
Pixoate