Configuring Checksum Programs for Use with Create/Verify Checksums

Kleopatra allows the administrator (and power-user) to configure the list of checksum programs that the user can choose from in the config dialog and that Kleopatra is able to auto-detect when asked to verify a given file's checksum.


To be usable by Kleopatra, output of checksum programs (both the written checksum file, as well as the output on stdout when verifying checksums) needs to be compatible with GNU md5sum and sha1sum.

Specifically, the checksum file needs to be line-based with each line having the following format:

CHECKSUM ' ' ( ' ' | '*' ) FILENAME

where CHECKSUM consists of hex-characters only. If FILENAME contains a newline character, the line must instead read:


where ESCAPED-FILENAME is the filename with newlines replaced by \ns, and backslashes doubled (\\\).

Similarly, the output of verify-command must be of the form

FILENAME ( ': OK' | ': FAILED' )

separated by newlines. Newlines and other characters are not escaped in the output.[2]

Each checksum program is defined in libkleopatrarc as a separate Checksum Definition #n group, with the following mandatory keys:


A list of regular expressions that describe which files should be considered checksum files for this checksum program. The syntax is the one used for string lists in KDE config files.


Since regular expressions usually contain backslashes, care must be taken to properly escape them in the config file. The use of a config file editing tool is recommended.

The platform defines whether the patterns are treated case-sensitive or case-insensitive.


The typical output filename for this checksum program (should match one of the file-patterns, of course). This is what Kleopatra will use as the output filename when creating checksum files of this type.


A unique ID used to identify this checksum program internally. If in doubt, use the name of the command.

Name (translated)

The user-visible name of this checksum program, as shown in the drop-down menu in Kleopatra's config dialog.


The actual command with which to create checksum files. The syntax, restrictions and argument passing options are the same as described for pack-command in the section called “Configuring Archivers for Use with Sign/Encrypt Files”.


Same as create-command, but for checksum verification.

Here is a complete example:

          [Checksum Definition #1]
          Name=sha1sum (GNU)
          Name[de]=sha1sum (GNU)
          create-command=sha1sum -- %f
          verify-command=sha1sum -c -- %f

[2] Yes, these programs were not written with graphical frontends in mind, and Kleopatra will fail to correctly parse pathological filenames that contain ": OK" plus newline in them.