If you're writing production software, you should use openssl or gpg or whatever -- you shouldn't be calling cryptography routines yourself, and especially you shouldn't be writing them, unless you know what you're doing. And if you're wondering if you know what you're doing or not, then you don't. Of course, how does one learn then? Well, if you want to play around, though, be my guest :). There are implementations of the various SHA-2 algorithms online -- just search for "SHA-256 implementation" on a search engine, for example.