I downloaded a file and used certutil to verify the integrity of a file I downloaded (command attached below). The uploader provided a SHA-512 hash with all letters capitalized, while certutil provided a hash with all letters in lowercase. Is SHA-512 in certutil case insensitive?
certutil -hashfile "file_location" SHA512
Related
Output of command -> CertUtil -hashfile MD5
Can i convert the path output of the file on which i run "cerutil -hashfile" as relative rather than absolute ?
Regards
I'm trying to calculate the hash over a public key on both iOS (Swift) and macOS (terminal & OpenSSL), but both platforms export the key in a slightly different format.
My Swift code extracts the sequence containing both the modulus and exponent (according to Apple this is the PKCS#1 container).
let export = SecKeyCopyExternalRepresentation(publicKey, nil)! as Data
let hash = SHA256.hash(data: export)
// SHA256 digest: 57fc8238c609045b7c0b546f58d5f797ebec4e39eff481459edfb67bd850834d
print(hash)
Now when I do similar things with the terminal I get a different output.
openssl rsa -pubin -outform DER | openssl dgst -sha256
# writing RSA key
# 0ee9c99ef4ca3316e90dde23925bc9a670fa309d6f4663bb5d42050b5089b086
The latter one is cause by OpenSSL wrapping the output in a fuller structured ASN.1 container.
SEQUENCE (ASN.1 container)
SEQUENCE
OID (RSA algorithm)
NULL
BITSTRING
SEQUENCE (iOS container)
INTEGER (Modulus)
INTEGER (Exponent)
How can I use OpenSSL to export the key into only the sequence iOS expects, so the has will be the same for both commands?
It turns out OpenSSL has an undocumented parameter -RSAPublicKey_out that outputs the same data that SecKeyCopyExternalRepresentation does.
openssl rsa -pubin -RSAPublicKey_out -outform DER | openssl dgst -sha256
This provides the same digest for both iOS and macOS
I have the command openssl dgst -sha256 -binary _your_file_path_ | openssl enc -base64 I use in terminal to get an output for a jar file that matches what AWS Lambda uses to hash.
I want to program that in Java, but I am having trouble understanding exactly what is going on in that line, so that I can go through each step in my code. Obviously, there is mode than just hashing in SHA256, because when I do that the output does not match.
Could someone help explain the steps that line is completing in a simple way for me?
You need to break the command down to understand what is going on.
The first part of the command:
openssl dgst -sha256 -binary <file> gives you a SHA256 binary checksum for the file.
The second part of the command:
openssl enc -base64 encodes the SHA256 binary checksum to Base64.
So to replicate in Java, you just need to carry out those same steps:
Calculate a SHA256 binary checksum.
Base64 encode the SHA256 binary checksum.
Without you posting the command you used to try and get a SHA256 checksum separately to the command you did post, I'm guessing the reason you were probably getting a different hash is because by default a checksum seems to output in hexadecimal.
See my example below and how the results are completely different.
# Hexadecimal
$ openssl dgst -sha256 data.csv
SHA256(data.csv)= 114811b0b8998cb9853a5379598021410feddf69bb2ee7b7145d052a7e9b5d45
# Binary (note the usage of the -binary flag)
$ openssl dgst -sha256 -binary data.csv
H:SyY!Ai.]*~]E
If you then Base64 encode the hexadecimal checksum above, and the binary one, you'll also get two completely different results, as you can see below.
# Hexadecimal
$ printf 114811b0b8998cb9853a5379598021410feddf69bb2ee7b7145d052a7e9b5d45 | openssl enc -base64
MTE0ODExYjBiODk5OGNiOTg1M2E1Mzc5NTk4MDIxNDEwZmVkZGY2OWJiMmVlN2I3
MTQ1ZDA1MmE3ZTliNWQ0NQ==
# Binary
$ printf 'H:SyY!Ai.]*~]E' | openssl enc -base64
SDpTeVkhQWkuXSp+XUU=
For those, who TLDR. To get the same result as in this cat FILENAME.js | openssl dgst -sha256 -binary | openssl base64 -A command you should do the following conversions:
1) your content -> sha256 (you'll get the hexadecimal number, not a text)
2) hexadecimal -> binary
3) binary -> base64
I need to generate a development key hash for my facebook app, so I downloaded openssl x64 for windows from (https://code.google.com/archive/p/openssl-for-windows/downloads) and used
keytool -exportcert -alias androiddebugkey -keystore %HOMEPATH%\.android\debug.keystore | openssl sha1 -binary | openssl base64
But this generates a 27 character encoding; I need a 28 character one. The paths for my openssl and debug.keystore are correct, but it still does not generate a correct length hash.
My hash ended with a '=', which I misconstrued as part of the code. With the other 27 characters, that resulted in 28 characters.
When I generate a certificate using MakeCert.exe, I want to change the key size from 1024 to 2048.
Is this possible? Or do I need to setup a certificate authority (CA)?
Here the following syntax is used:
makecert -pe -ss MY -$ individual -n "CN=your name here" -len 2048 -r
Sorry I cannot test it, since I don't have Makecert.
A description of Makecert options can be found at MSDN, but I didn't see an explicit one for setting the key length.