I want to encrypt "hello" text using "123456789" key with AES-128 bit encryption cipher, so i go to https://aesencryption.net/ site and tried to encrypt. It gives me result in base64 as 44VUz6QR9WOx3tIzrTVKIg==
Now on linux machine i tried same with openssl cli (with hex converted key and without hex), but it doesnt produce the same result as above website.
echo -n "hello" | ./openssl aes-128-cbc -K 313233343536373839 -iv 00000000000000000000000000000000 -a
OUTPUT:hd7d6N4iUsaeFnp76ZgnmA==
echo -n "hello" | ./openssl aes-128-cbc -k 123456789 -iv 00000000000000000000000000000000 -a -nosalt
OUTPUT: U7lXytP7pnVcOPwi8Hjd7A==
So anyone tell me what am i missing?
Related
How can I just retrieve the key value only with openssl command below?
$ openssl enc -aes-128-cbc -k secret -P -md sha1
Output:
salt=9EFF5E41E21EA17F
key=D0F15A0E51C29FA9E7AC1B63DC4585D3
iv =F0090A64ADB51DE25A28151B0C55DAEA
Thanks!
Use grep and sed in pipes:
$ openssl enc -aes-128-cbc -k secret -P -md sha1 | grep key | sed 's/.*=//'
The grep command filters out lines without "key".
The sed command replaces all characters from the start up to and including the = with nothing (deleting them).
Use the -nosalt option to suppress the use of a salt in the key derivation. But consider that this is not recommended. Note that this key derivation method is also not recommended, especially with sha1.
Anyway, with awk:
$ openssl enc -aes-128-cbc -nosalt -k secret -P -md sha1 |
awk -F= '$1 == "key" {print $2}'
2BB80D537B1DA3E38BD30361AA855686
When I run a command like ssh-keygen -t rsa -b 2048, it asks me:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
I'd like to write the path in advance and tried like this: ssh-keygen -t rsa -b 2048 | cat '/root/.ssh/id_rsa.pub'.
But this doesn't work....
How can I do this?
Your attempt was in reverse, meaning you were trying to pass the output of ssh-keygen to cat. But we need to pass the output of cat to ssh-keygen:
# using multiline here doc
$ cat <<EOF | ssh-keygen -t rsa -b 2048
/tmp/id_rsa
/tmp/id_rsa.pub
password
EOF
OR
$ echo -e "/tmp/id_rsa\n/tmp/id_rsa.pub" | ssh-keygen -t rsa -b 2048
But use it with caution, this just feeds the entire input to the piped command. Depending on how that command processes input this might fail if the expected input is different from what is being piped in.
It may be fine for simple scripts/commands (will NOT work for ssh-keygen reliably in all cases [because it seems to spawn another process in some cases to ask for the passphrase]).
ref. https://tldp.org/LDP/abs/html/here-docs.html for heredoc
I'm trying to write small linux utility for development purposes that works with JWT signatures.
Problem: linux secret and secret from jwt.io website are different.
I'm using default data from https://jwt.io/#debugger-io and HS256.
Example:
# hmac256
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | hmac256 secret
> 4c9540f793ab33b13670169bdf444c1eb1c37047f18e861981e14e34587b1e04
# openssl
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | openssl dgst -sha256 -hmac secret
> (stdin)= 4c9540f793ab33b13670169bdf444c1eb1c37047f18e861981e14e34587b1e04
# Key from website
# TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
Found answer, result of hash utilities should be in binary format and also in base64 encoding.
So working commands are:
echo -n "{header}.{payload}" | hmac256 --binary secret | base64
echo -n "{header}.{payload}" | openssl dgst -sha256 -binary -hmac secret | base64
Example:
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | hmac256 --binary secret | base64
> TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ=
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | openssl dgst -sha256 -binary -hmac secret | base64
> TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ=
I know the string "foobar" generates the SHA-256 hash c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2 using
http://hash.online-convert.com/sha256-generator
However the command line shell:
hendry#x201 ~$ echo foobar | sha256sum
aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f -
Generates a different hash. What am I missing?
echo will normally output a newline, which is suppressed with -n. Try this:
echo -n foobar | sha256sum
If you have installed openssl, you can use:
echo -n "foobar" | openssl dgst -sha256
For other algorithms you can replace -sha256 with -md4, -md5, -ripemd160, -sha, -sha1, -sha224, -sha384, -sha512 or -whirlpool.
If the command sha256sum is not available (on Mac OS X v10.9 (Mavericks) for example), you can use:
echo -n "foobar" | shasum -a 256
echo -n works and is unlikely to ever disappear due to massive historical usage, however per recent versions of the POSIX standard, new conforming applications are "encouraged to use printf".
echo produces a trailing newline character which is hashed too. Try:
/bin/echo -n foobar | sha256sum
For the sha256 hash in base64, use:
echo -n foo | openssl dgst -binary -sha256 | openssl base64
Example
echo -n foo | openssl dgst -binary -sha256 | openssl base64
C+7Hteo/D9vJXQ3UfzxbwnXaijM=
Use printf instead of echo to avoid adding an extra newline.
printf foobar | sha256sum
For an arbitrary string, the %s format specifier should be used.
printf '%s' 'somestring' | sha256sum
I believe that echo outputs a trailing newline. Try using -n as a parameter to echo to skip the newline.
I'm trying to make a bash script in linux where some encrypted data is embedded and then retrieved and decrypted with openssl, like this:
cat | openssl des3 -d -a -salt -pass pass:asdf > output.txt <<EOF
U2FsdGVkX1/zN55FdyL5j1nbDVt5vK4V3WLQrnHPoycCJPwWO0ei3PCrrMqPaxUH.....blablablah data
EOF
The only problem with this, that would otherwise work, is that I have to hit enter when the script reaches this position. I have tried changing the way \n are placed, but no luck.
I can't afford to press manually enter for all the files that are going to be embedded like this one!!
Thanks for your help!
A couple of things wrong here:
You shouldn't use both cat | ... and also a here document (<<EOF). Use one or the other.
Your example isn't testable because the example text is not the DES3 encryption of any input.
This example works as expected:
cat ~/.profile | openssl des3 -e -a -salt -pass pass:asdf -out /tmp/output.txt
That is, it writes an encrypted version of ~/.profile, base64 encoded, to file /tmp/output.txt.
Here's a working decryption example with a here document:
openssl des3 -d -a -salt -pass pass:asdf <<EOF
U2FsdGVkX1/03DBd+MpEKId2hUY82cLWpYltYy2zSsg=
EOF
Try this in the safety and comfort of your own home...