# What Is a File Hash? Short title: File Hash Canonical path: /guidance/explainers/what-is-a-file-hash/ Rank: 2 Category: file-evidence Updated: 2026-05-28 Summary: The basic fingerprint concept behind modern file evidence, integrity checks, receipts, and verification. ## Search intent Primary query: what is a file hash Secondary queries: - what is a digital fingerprint - how does a file hash work - does a file hash prove ownership - file hash verification - sha256 file hash - how to prove a file has not changed - verify file without sharing file Common questions: - What is a file hash? - Is a hash the same as a digital fingerprint? - Can a file hash prove I own a file? - Can a hash prove a file has not changed? - Can someone verify a file without seeing the private file? ## Simple explanation A file hash is a short digital fingerprint made from a file. If the file changes, even slightly, the hash usually changes too. ### What it proves - That a later file can be checked against the same fingerprint. - That the file probably has not changed if the hash still matches. - That a file can be identified without showing the whole file. ### What it does not prove - Who created the file. - Who owns the file. - When the file was first made unless the hash is linked to a trusted timestamp or receipt. - What the file means, whether it is original, or whether permission exists. ### Why it matters A file hash lets people verify the identity and integrity of a file without relying only on filenames, screenshots, folder dates, or claims. It is one of the simplest building blocks of serious digital evidence. ### Example If you hash a manuscript today and later hash the same manuscript again, the matching hash helps show it is the same file state. If one character changed, the hash should change. ## Professional explanation A file hash is a deterministic digest produced by applying a cryptographic hash function to a file. It gives a compact identifier for a specific file state. ### What it proves - That a specific file state can be matched against a previously recorded digest. - That the file has likely not been altered if the same algorithm produces the same hash. - That evidence can be checked without disclosing the underlying file, where the verifier can recompute or compare the digest. - That a receipt, timestamp, or anchor refers to a particular file state rather than a vague filename or description. ### What it does not prove - Legal ownership or authorship. - Priority over an earlier unrecorded version. - Permission, licence, consent, or lawful use. - Originality unless combined with comparison or provenance evidence. ### Why it matters Professional evidence fails when the object being discussed is not precisely identified. A hash ties the record to a defined file state, making later verification cleaner and reducing reliance on weak labels such as filenames, upload dates, or screenshots. ### Example In a dispute, saying “this is my file” is weak. Providing a receipt that records the file’s SHA-256 hash is stronger because the exact file state can be checked against the recorded digest. ## Technical explanation A file hash is the output of a deterministic cryptographic hash function applied to a file’s byte sequence. In evidence systems, it functions as a content-derived identifier for a specific byte-state. ### What it proves - That the same byte sequence produces the same digest under the stated algorithm. - That a recorded digest can be recomputed for verification if the file is later available. - That a receipt or commitment can bind evidence to a defined object state without exposing the object itself. - That alteration is detectable where the recomputed digest no longer matches the recorded digest. ### What it does not prove - Semantic equivalence between visually or textually similar files. - Authorship, ownership, permission, or legal priority. - Creation time unless the digest is bound to a trustworthy time source, receipt, log, signature, or external anchor. - Integrity of the wider evidence process unless custody, timestamping, signing, and verification controls are also reliable. ### Why it matters Hashing separates object identification from object disclosure. That matters for privacy-preserving verification, portable receipts, Merkle proofs, blockchain anchoring, and independent checks across trust boundaries. ### Example A technical receipt may record SHA-256, SHA3-256, BLAKE3, or another digest suite. Verification recomputes the digest from the submitted file bytes and checks whether it matches the recorded value in the receipt or proof structure. ## Related explainers - /guidance/explainers/what-is-evidence-of-creation/ - /guidance/explainers/what-is-a-timestamp-and-what-does-it-actually-prove/ ## Further reading - /guidance/explainers/what-is-evidence-of-creation/ - /guidance/explainers/what-is-a-timestamp-and-what-does-it-actually-prove/