How to generate a sha-256 fingerprint for any font
- Step 1Drop your font — Any size, any format. The Web Crypto API hashes the byte stream — even multi-MB CJK fonts complete in 10–50 ms.
- Step 2Read the hash — Output: full SHA-256 hex (64 chars), short prefix (8 chars), SRI base64 attribute, and a suggested cache-busted filename (e.g., Inter-Regular.abc12345.woff2).
- Step 3Apply where needed — Use the cache-busted filename in deploy. Use the SRI attribute in <link rel="preload">. Pin the hash in your design system docs to detect silent updates.
Frequently asked questions
Why SHA-256 specifically?+
SHA-256 is hardware-accelerated by Web Crypto, has zero known collisions, and is the standard for SRI and modern cache-busting. SHA-1 has known collisions; MD5 is broken; SHA-512 is overkill for fonts.
Does the hash change between builds?+
Only if the font's bytes change. Re-running CI against an unchanged TTF produces an identical hash. Re-saving from a font editor often introduces metadata changes that flip the hash — useful drift detection.
How is the SRI attribute formatted?+
integrity="sha256-<base64>". Browsers verify the downloaded file's hash matches; mismatches fail the load. Use on <link rel="preload" as="font"> for tamper-resistant font delivery.
Privacy first
Every JAD Font tool runs entirely in your browser using opentype.js and the wawoff2 WASM Brotli encoder. Your fonts never leave your device — verified by zero outbound network requests during processing.