Linux command piping in openssl to use string input - linux

I have a shell script where a file path $path has some text, which I encrypt as below, and it works:
content_sha256="$(openssl dgst -binary -sha256 < $path | openssl enc -e -base64)";
The value of variable content_sha256 works correctly.
Now, I have a string $body which I want to encrypt. I am trying the below, but it gives me an entirely different result.
content_sha256="$(echo $body | openssl dgst -sha256 | openssl enc -e -base64)";
Am I piping something wrong, or should the option for openssl be different?

Correct answer below
content_sha256="$(echo $body | openssl dgst -binary -sha256 | openssl enc -e -base64)";
Points to note:
Include the -binary option.
Instead of redirecting the file content as input, use echo $body with a pipe.

Related

Script in bash to get all certificates names in a directory

I'm creating a script in bash that uses the command:
openssl x509 -in <cert> -noout -text | grep 'Issuer\|Not After' | sed -e 's/^[ \t]*//'
and checks all certificate files in the directory. I used the command
ls -l | grep .crt | cut -d " " -f11 > test.txt
to get the following certificate list:
client.crt
client1.crt
client12.crt
client2.crt
client3.crt
server12.crt
server2.crt
however when I run:
for i in test.txt;do openssl x509 -in $i -noout -text | grep 'Issuer|Not After' | sed -e 's/^[ \t]*//';done
I get the following output:
unable to load certificate
140075503359296:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
You're not iterating over the files listed in your test.txt; you're executing openssl against that very file.
What you really want to do is this:
while read -r i
do
openssl x509 -in "$i" -noout -text | grep 'Issuer\|Not After' | sed -e 's/^[ \t]*//'
done < test.txt
P.S.: I did not verify that your openssl magic works, just fixed the loop logic.
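An added example, not the asker's script or the answerer's loop: the same directory walk done with a shell glob instead of parsing ls output, printing the issuer and expiry the question greps for, plus an expiry check with openssl x509 -checkend. It assumes the openssl CLI is installed; the function names are mine.

```shell
#!/bin/sh
# Added example: walk a directory's *.crt files with a shell glob (no `ls | cut`), print the
# issuer and expiry the question greps for, and flag certificates that expire soon.
# Assumes the openssl CLI; function names are mine.

cert_summary() {          # $1 = directory; prints "file | issuer | notAfter" per readable cert
    for cert in "$1"/*.crt; do
        [ -f "$cert" ] || continue                   # the glob matched nothing
        # -issuer and -enddate print exactly the two fields grep 'Issuer\|Not After' looked for
        if info=$(openssl x509 -in "$cert" -noout -issuer -enddate 2>/dev/null); then
            issuer=$(printf '%s\n' "$info" | sed -n 's/^issuer=//p')
            notafter=$(printf '%s\n' "$info" | sed -n 's/^notAfter=//p')
            printf '%s | %s | %s\n' "$(basename "$cert")" "$issuer" "$notafter"
        else
            printf '%s: not a PEM certificate, skipped\n' "$cert" >&2
        fi
    done
}

valid_for() {             # $1 = cert file, $2 = seconds; exit 0 if still valid that far ahead
    # -checkend exits 1 when the certificate expires within the given number of seconds
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# usage: cert_summary /etc/ssl/mycerts; valid_for server.crt 2592000 || echo "renew within 30 days"
```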

Decryption in a loop with openssl?

I'm trying to use openssl to decrypt files. I can successfully encrypt them in a loop, but when I try to change the command to make it decrypt, I get "error reading input file."
for f in /dir1/dir2/*.txt ;
do [ -f $f ] && openssl aes-256-cbc enc -in $f -out $f.enc -k PASSWORD ;
done
(the above works for encrypting)
for f in /dir1/dir2/*.txt.enc ;
do [ -f $f ] && openssl enc -d -aes-256-cbc -k PASSWORD -in $f -out $f;
done
"error reading input file"
So I've tried making the input file $f.txt.enc, and $f.enc, and similar fiddling with the outfile. No luck.
I think your encoding line has a problem: the - in front of the aes part is missing ... for reference, here are lines that work for me:
openssl enc -aes-256-cbc -in $f -out $f.enc -k PASSWORD
openssl enc -aes-256-cbc -d -in $f.enc -out $f.dec -k PASSWORD
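An added example, not the asker's or the answerer's commands: both loops as functions whose output path always differs from the input path. It assumes OpenSSL 1.1.1 or newer (for -pbkdf2) and takes the password from an environment variable FILE_PASS (my name) instead of the command line.

```shell
#!/bin/sh
# Added example: the encrypt and decrypt loops with output paths that never equal the input
# path. openssl enc opens -out for writing (truncating it) before it reads -in, so
# "-in $f -out $f" leaves nothing to read and produces "error reading input file".
# Assumes OpenSSL 1.1.1+ (for -pbkdf2); the password comes from env var FILE_PASS (my name).

encrypt_dir() {           # $1 = directory; every *.txt becomes *.txt.enc
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue                       # glob matched nothing
        openssl enc -aes-256-cbc -salt -pbkdf2 -pass env:FILE_PASS \
            -in "$f" -out "$f.enc" || return 1
    done
}

decrypt_dir() {           # $1 = directory; every *.txt.enc becomes *.txt.dec, originals untouched
    for f in "$1"/*.txt.enc; do
        [ -f "$f" ] || continue
        openssl enc -d -aes-256-cbc -pbkdf2 -pass env:FILE_PASS \
            -in "$f" -out "${f%.enc}.dec" || return 1   # ${f%.enc} strips the suffix
    done
}

# usage: export FILE_PASS='...'; encrypt_dir /dir1/dir2; decrypt_dir /dir1/dir2
```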

Pass multiple strings to verify CAfile in OpenSSL

With cat it's possible to use cat <(echo "example") <(echo "example").
I'd like to use this method also in OpenSSL:
openssl verify -CAfile <(echo "PEM") <(echo "PEM")
but I have this error: Error loading file /dev/fd/63
How can I solve this?
Info:
In the end I'd like to execute this command in node.js and pass in the two PEM args (as strings).
You do not specify the CA file: it should be openssl verify -CAfile /path/to/cafile
You do not provide the contents of the PEM file. It should be something like echo -e "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", where the ... is the certificate encoded in Base64, or much easier: cat /path/to/pemfile1 /path/to/pemfile2 | openssl verify -CAfile /path/to/cafile
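An added example (not from the question or the answer) that takes the CA certificates as PEM strings, as the node.js use case needs, and concatenates them into one temporary bundle for -CAfile, the cat approach the answer suggests. It assumes the openssl CLI; verify_with_pems is my name.

```shell
#!/bin/sh
# Added example: verify a certificate against CA certificates supplied as PEM strings (the
# node.js use case) by concatenating them into one temporary bundle for -CAfile, which
# expects a single file of trusted certificates. Assumes the openssl CLI; names are mine.

# verify_with_pems <cert-file> <ca-pem-string>...   exits with openssl verify's status
verify_with_pems() {
    cert=$1; shift
    [ "$#" -gt 0 ] || { echo "no CA certificates given" >&2; return 1; }
    bundle=$(mktemp) || return 1
    for pem in "$@"; do
        printf '%s\n' "$pem" >> "$bundle"             # each PEM block ends with its own newline
    done
    openssl verify -CAfile "$bundle" "$cert"
    status=$?
    rm -f "$bundle"                                   # the bundle only holds public certs
    return "$status"
}

# usage: verify_with_pems server.crt "$(cat ca1.pem)" "$(cat ca2.pem)"
```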

JWT Signature HS256 - different result on linux and website

I'm trying to write a small Linux utility for development purposes that works with JWT signatures.
Problem: the Linux secret and the secret from the jwt.io website are different.
I'm using default data from https://jwt.io/#debugger-io and HS256.
Example:
# hmac256
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | hmac256 secret
> 4c9540f793ab33b13670169bdf444c1eb1c37047f18e861981e14e34587b1e04
# openssl
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | openssl dgst -sha256 -hmac secret
> (stdin)= 4c9540f793ab33b13670169bdf444c1eb1c37047f18e861981e14e34587b1e04
# Key from website
# TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
Found the answer: the result of the hash utilities should be in binary format and also base64-encoded.
So the working commands are:
echo -n "{header}.{payload}" | hmac256 --binary secret | base64
echo -n "{header}.{payload}" | openssl dgst -sha256 -binary -hmac secret | base64
Example:
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | hmac256 --binary secret | base64
> TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ=
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | openssl dgst -sha256 -binary -hmac secret | base64
> TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ=
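An added example, not the asker's utility: the working command packaged as sign and verify functions, with the base64 output converted to the unpadded base64url form JWTs use, which is why jwt.io shows the value without the trailing =. HEADER and PAYLOAD are the jwt.io defaults from the question; the function names are mine, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: HS256 as jwt.io computes it, i.e. raw HMAC-SHA256 bytes (-binary) encoded as
# base64url without padding, plus a verifier that recomputes the signature. Function names
# are mine; HEADER and PAYLOAD are the jwt.io defaults quoted in the question.
HEADER='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'                                    # {"alg":"HS256","typ":"JWT"}
PAYLOAD='eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9'  # {"sub":"1234567890",...}

b64url() {                # standard base64 -> base64url: swap +/ for -_, drop = padding and newlines
    tr '+/' '-_' | tr -d '=\n'
}

hs256_sign() {            # $1 = secret, $2 = "<header>.<payload>"; prints the base64url signature
    # -hmac puts the key on the command line, where `ps` can see it: fine for a dev tool only
    printf '%s' "$2" | openssl dgst -sha256 -binary -hmac "$1" | openssl enc -base64 -A | b64url
}

hs256_token() {           # $1 = secret, $2 = header, $3 = payload; prints a complete JWT
    printf '%s.%s.%s\n' "$2" "$3" "$(hs256_sign "$1" "$2.$3")"
}

hs256_verify() {          # $1 = secret, $2 = token; exit 0 only if the signature matches
    token=$2
    hdr=${token%%.*}; rest=${token#*.}
    pl=${rest%%.*}; sig=${rest#*.}
    [ "$sig" != "$rest" ] || return 1            # no third segment at all
    expected=$(hs256_sign "$1" "$hdr.$pl")
    # plain string comparison is not constant-time; acceptable for a development utility
    [ "$expected" = "$sig" ]
}

# usage: hs256_token secret "$HEADER" "$PAYLOAD"; hs256_verify secret "$token" && echo valid
```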

Generating a SHA-256 hash from the Linux command line

I know the string "foobar" generates the SHA-256 hash c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2 using
http://hash.online-convert.com/sha256-generator
However, the command line shell:
hendry#x201 ~$ echo foobar | sha256sum
aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f -
generates a different hash. What am I missing?
echo will normally output a newline, which is suppressed with -n. Try this:
echo -n foobar | sha256sum
If you have installed openssl, you can use:
echo -n "foobar" | openssl dgst -sha256
For other algorithms you can replace -sha256 with -md4, -md5, -ripemd160, -sha, -sha1, -sha224, -sha384, -sha512 or -whirlpool.
If the command sha256sum is not available (on Mac OS X v10.9 (Mavericks) for example), you can use:
echo -n "foobar" | shasum -a 256
echo -n works and is unlikely to ever disappear due to massive historical usage; however, per recent versions of the POSIX standard, new conforming applications are "encouraged to use printf".
echo produces a trailing newline character which is hashed too. Try:
/bin/echo -n foobar | sha256sum
For the sha256 hash in base64, use:
echo -n foo | openssl dgst -binary -sha256 | openssl base64
Example
echo -n foo | openssl dgst -binary -sha256 | openssl base64
C+7Hteo/D9vJXQ3UfzxbwnXaijM=
Use printf instead of echo to avoid adding an extra newline.
printf foobar | sha256sum
For an arbitrary string, the %s format specifier should be used.
printf '%s' 'somestring' | sha256sum
I believe that echo outputs a trailing newline. Try using -n as a parameter to echo to skip the newline.
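An added example (not from any of the answers above, and serving the first question on this page as well) that puts the echo-versus-printf point and the -binary plus base64 form into small functions, so the string and file routes can be compared directly. It assumes the openssl CLI and sed are available; the function names are mine.

```shell
#!/bin/sh
# Added example: the same string hashed three ways, showing why `echo` and `printf '%s'`
# disagree and how to get the digest as base64. Assumes openssl and sed; sha256_hex strips
# the "(stdin)= " prefix that openssl dgst prints in front of the hex digest.

sha256_hex() {            # hex SHA-256 of exactly the bytes of $1 (no trailing newline)
    printf '%s' "$1" | openssl dgst -sha256 | sed 's/^.*= //'
}

sha256_hex_echo() {       # what the question did: echo appends "\n", and that byte is hashed too
    echo "$1" | openssl dgst -sha256 | sed 's/^.*= //'
}

sha256_b64() {            # raw digest bytes (-binary) base64-encoded on a single line (-A)
    printf '%s' "$1" | openssl dgst -sha256 -binary | openssl enc -base64 -A
}

sha256_file_b64() {       # the file form from the first question; same bytes give the same value
    openssl dgst -sha256 -binary < "$1" | openssl enc -base64 -A
}

# Quoting "$1" keeps spaces and glob characters intact; an unquoted `echo $body` would word-split.
printf 'printf: %s\n' "$(sha256_hex foobar)"
printf 'echo:   %s\n' "$(sha256_hex_echo foobar)"   # differs: this is the hash of "foobar\n"
printf 'base64: %s\n' "$(sha256_b64 foobar)"
```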
