Current Location: Home> Latest Articles> How to verify file hash value in combination with hash_equals()

How to verify file hash value in combination with hash_equals()

M66 2025-05-27

In many applications, it is very important to verify the integrity of the file. Especially when you need to download or upload a file, it is very critical to make sure the file is not tampered with or corrupted. PHP provides a variety of methods to perform file hash checks, where hash_update_stream and hash_equals() are two commonly used functions.

This article will introduce how to use the hash_update_stream function to gradually read the file and calculate the hash value, and then use the hash_equals() function to compare the calculated hash value with the expected hash value to verify the integrity of the file.

What are hash_update_stream and hash_equals() ?

  • hash_update_stream : This function is used to calculate the hash value of the data stream. When processing large files, the problem of memory overflow can be effectively avoided by reading the files in chunks and gradually updating the hash value.

  • hash_equals : This is a safe function for comparing two hash values. It prevents timing attacks and is safer than using == or == directly because it does not expose time difference due to different lengths of hash values.

How to verify file hash value using hash_update_stream and hash_equals() ?

Assuming you already have a file and an expected hash value, you want to verify the integrity of the file by following the steps below.

Step 1: Open the file

First, we need to open the file to be verified. We can use fopen() to open the file for reading.

 $file = fopen('path/to/your/file', 'rb');

Step 2: Initialize the hash context

Then, use hash_init() to initialize a hash context. Take sha256 as an example here. Of course, you can also use other hashing algorithms (such as md5 , sha512 , etc.).

 $hashContext = hash_init('sha256');

Step 3: Read the file step by step and update the hash value

We read the file in chunks and update the data of each block into the hash context through the hash_update_stream() function.

 while (!feof($file)) {
    $data = fread($file, 8192); // Read8KBData blocks
    hash_update_stream($hashContext, $data);
}

Step 4: Calculate the final hash value of the file

After the file is read, use hash_final() to obtain the calculated file hash value.

 $fileHash = hash_final($hashContext);

Step 5: Compare file hash with expected hash

Finally, we use hash_equals() to safely compare the calculated file hash value with the expected hash value to ensure that the file has not been tampered with.

 $expectedHash = 'Expected hash value'; // You can get this hash value from a server or other secure place

if (hash_equals($fileHash, $expectedHash)) {
    echo "File complete,Hash value matching!";
} else {
    echo "Files are corrupted or tampered,Hash values ​​do not match!";
}

Sample code

Here is the complete sample code:

 <?php

// Open the file
$file = fopen('path/to/your/file', 'rb');
if (!$file) {
    die('无法Open the file');
}

// Initialize hash context
$hashContext = hash_init('sha256');

// 逐步Read文件并更新哈希值
while (!feof($file)) {
    $data = fread($file, 8192);
    hash_update_stream($hashContext, $data);
}

// Get the hash value of the file
$fileHash = hash_final($hashContext);

// Expected hash value
$expectedHash = 'Expected hash value'; // For example,'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'

// Compare hash values
if (hash_equals($fileHash, $expectedHash)) {
    echo "File complete,Hash value matching!";
} else {
    echo "Files are corrupted or tampered,Hash values ​​do not match!";
}

// Close the file
fclose($file);

?>
Related