When I try to SHA512 some file using openssl I got the output file contents starts with something like "SHA512(in.txt)= 090c..."
I tried the different options -r, -binary with the command
Here is the command I'm using
openssl dgst -sha512 -out out.txt in.txt
The question is: How can I got the file contains only the hash, without that starting note?
You can only print the second column using awk, if the file name doesn't contain spaces:
openssl dgst -sha512 -out in.txt | awk '{print $2}' > out.txt
Or (looks like not cross-platform) you can try either pipe or reading from stdin:
openssl dgst -sha512 -out out.txt < in.txt
cat in.txt | openssl dgst -sha512 -out out.txt
This works for me (Mac OS X).
The default delimiter of awk is a space character, and the accepted answer will not work if there are spaces in the filename. You can override the default delimiter with the -F flag (field separator) to = , but that would also not work if there happens to be an equal space in the filename. Printing the last column using the default delimiter should work for all of those edge cases. The $NF awk variable stores the number of fields and can be used directly to print the last column, which should always be the hash.
openssl dgst -sha512 -out in.txt | awk '{print $NF}' > out.txt
https://linux.die.net/man/1/awk
Related
I use the following command in Powershell to sign a base64 encoded string. It is reading currently from a file. Can I also let it directly take it from a variable?
openssl dgst -sha256 -sign jwtRS256.key -binary $payload | openssl enc -base64 -
It works if I use the following:
openssl dgst -sha256 -sign jwtRS256.key -binary payload.b64 | openssl enc -base64 -A
Maybe it is very simple or it is not possible what I try to achieve.
This line is part of some steps that I try to follow to sign a concatenate of header.payload for JWT geneartion by using openssl.
The following command works for SHA1: csum -h SHA1 (FileName).txt > (FileName_chksum).txt. How to create a similar file using the SHA256 algorithm in AIX?
You can use the openssl command from the openssl.base package; it has a dgst sub-command that will generate a SHA256 hash of the file:
openssl dgst -sha256 filename.txt > filename_sha256.txt
By default, it will print in the following format:
SHA256(filename.txt)= hash-string-here
The csum command prints in a slightly different format:
hash-string-here filename.txt
... so you may want to rearrange the output of openssl based on your specific needs for the filename_sha256.txt file.
If you only want the hashed string itself in the new file, you could use awk:
openssl dgst -sha256 filename.txt | awk '{print $2}' > filename_sha256.txt
I have the command openssl dgst -sha256 -binary _your_file_path_ | openssl enc -base64 I use in terminal to get an output for a jar file that matches what AWS Lambda uses to hash.
I want to program that in Java, but I am having trouble understanding exactly what is going on in that line, so that I can go through each step in my code. Obviously, there is mode than just hashing in SHA256, because when I do that the output does not match.
Could someone help explain the steps that line is completing in a simple way for me?
You need to break the command down to understand what is going on.
The first part of the command:
openssl dgst -sha256 -binary <file> gives you a SHA256 binary checksum for the file.
The second part of the command:
openssl enc -base64 encodes the SHA256 binary checksum to Base64.
So to replicate in Java, you just need to carry out those same steps:
Calculate a SHA256 binary checksum.
Base64 encode the SHA256 binary checksum.
Without you posting the command you used to try and get a SHA256 checksum separately to the command you did post, I'm guessing the reason you were probably getting a different hash is because by default a checksum seems to output in hexadecimal.
See my example below and how the results are completely different.
# Hexadecimal
$ openssl dgst -sha256 data.csv
SHA256(data.csv)= 114811b0b8998cb9853a5379598021410feddf69bb2ee7b7145d052a7e9b5d45
# Binary (note the usage of the -binary flag)
$ openssl dgst -sha256 -binary data.csv
H:SyY!Ai.]*~]E
If you then Base64 encode the hexadecimal checksum above, and the binary one, you'll also get two completely different results, as you can see below.
# Hexadecimal
$ printf 114811b0b8998cb9853a5379598021410feddf69bb2ee7b7145d052a7e9b5d45 | openssl enc -base64
MTE0ODExYjBiODk5OGNiOTg1M2E1Mzc5NTk4MDIxNDEwZmVkZGY2OWJiMmVlN2I3
MTQ1ZDA1MmE3ZTliNWQ0NQ==
# Binary
$ printf 'H:SyY!Ai.]*~]E' | openssl enc -base64
SDpTeVkhQWkuXSp+XUU=
For those, who TLDR. To get the same result as in this cat FILENAME.js | openssl dgst -sha256 -binary | openssl base64 -A command you should do the following conversions:
1) your content -> sha256 (you'll get the hexadecimal number, not a text)
2) hexadecimal -> binary
3) binary -> base64
I need to execute hmac openssl, but when change a parameter I have a strange behaviour.
With these values, HMAC works properly
$ printf 03d4f7e460787295bb803f7f9fa3c023b3cb33623aadbea53720decfa5a4f6005800000000 |xxd -r -p | openssl dgst -sha512 -hmac `printf 71ef1c30a1a5503dd387aac85b714b779c7df8bc163b1fad66b1d51c94cd221e|xxd -r -p` | awk '{print $2}'
71af33b003e7e8033fcec8ad2ef46ee22b6518ae072fae24708201542d1b01bbe0b67fce1733443bfaddd52307e28fbe4e3c0945be31853d8f1caeb078dfc220
When change the value 71ef1c30a1a5503dd387aac85b714b779c7df8bc163b1fad66b1d51c94cd221e with a new value 2C31FBB2B809A9B2252FE64EC6D0011A8EAAA4D0A72EEEDF0A1E1DCF1B514320 I get an error
$ printf 03d4f7e460787295bb803f7f9fa3c023b3cb33623aadbea53720decfa5a4f6005800000000 |xxd -r -p | openssl dgst -sha512 -hmac `printf 2C31FBB2B809A9B2252FE64EC6D0011A8EAAA4D0A72EEEDF0A1E1DCF1B514320 |xxd -r -p` | awk '{print $2}'
%/NЧ.: No such file or directory
C: No such file or directory
UPDATE
I tried with -macopt
first result is the same
$ printf 03d4f7e460787295bb803f7f9fa3c023b3cb33623aadbea53720decfa5a4f6005800000000 |xxd -r -p | openssl dgst -sha512 -mac HMAC -macopt key:`printf 71ef1c30a1a5503dd387aac85b714b779c7df8bc163b1fad66b1d51c94cd221e|xxd -r -p`
(stdin)= 71af33b003e7e8033fcec8ad2ef46ee22b6518ae072fae24708201542d1b01bbe0b67fce1733443bfaddd52307e28fbe4e3c0945be31853d8f1caeb078dfc220
Second result same issue
$ printf 03d4f7e460787295bb803f7f9fa3c023b3cb33623aadbea53720decfa5a4f6005800000000 |xxd -r -p | openssl dgst -sha512 -mac HMAC -macopt key:`printf 2C31FBB2B809A9B2252FE64EC6D0011A8EAAA4D0A72EEEDF0A1E1DCF1B514320|xxd -r -p`
??%/?N?????Ч.??: No such file or directory
?C: No such file or directory
Try with double quotes
$ printf 03d4f7e460787295bb803f7f9fa3c023b3cb33623aadbea53720decfa5a4f6005800000000 |xxd -r -p | openssl dgst -sha512 -hmac "`printf 71ef1c30a1a5503dd387aac85b714b779c7df8bc163b1fad66b1d51c94cd221e|xxd -r -p`" | awk '{print $2}'
71af33b003e7e8033fcec8ad2ef46ee22b6518ae072fae24708201542d1b01bbe0b67fce1733443bfaddd52307e28fbe4e3c0945be31853d8f1caeb078dfc220
$ printf 03d4f7e460787295bb803f7f9fa3c023b3cb33623aadbea53720decfa5a4f6005800000000 |xxd -r -p | openssl dgst -sha512 -hmac "`printf 2C31FBB2B809A9B2252FE64EC6D0011A8EAAA4D0A72EEEDF0A1E1DCF1B514320 |xxd -r -p`" | awk '{print $2}'
3b63439866b95de9d5402688dd26162fdd25646262087bebdffe024c5136954ea34a8f908de1b523ebf3fa86813db6a098d153ac79a8905e520134799fec8247
I know we can get the right output in below ways:
echo -n 123456 | openssl md5
e10adc3949ba59abbe56e057f20f883e
or
printf 123456 | openssl md5
e10adc3949ba59abbe56e057f20f883e
or
printf 123456 > file.txt
openssl md5 file.txt
e10adc3949ba59abbe56e057f20f883e
However, I want to know could we work it out in below command-line with extra options
openssl md5 <<< '123456'
f447b20a7fcbf53a5d5be013ea0b15af( this is incorrect)
bash (and ksh93, and zsh) will always append a newline to the content of the here-string. There is no way around this apart from filtering it out explicitly.
$ tr -d '\n' <<<'123456' | openssl md5
(stdin)= e10adc3949ba59abbe56e057f20f883e