I'm trying to create a hash for files in the directory using this script:
for file in *.zip; do openssl dgst -sha256 -binary ${file%.*}.zip $file | base64 >> ${file%.*}.zip.base64sha256; done
It creates hash like this:
b5iQL1fo5r+6osykGr0mcEZ14Xdbn8y0SrFGIuzMfeRvmJAvV+jmv7qh7OUavSZwRnXhd1ufzLRKsUYi7Mx95A==
But for terraform and AWS Lambdas I need a shorted hash value. I can get by using terminal and command like this:
openssl dgst -sha256 -binary archive.zip | base64 >> hash.base64sha256
And output is b5iQL1fo5r+6osykGr0mcEZ14Xdbn8y0SrFGIuzMfeQ=
So the question is: how I can retrieve short version of hash? It's required by terraform and AWS (when hash value is long - lambda are going to redeploy every time)
If you decode the "long" base64 you'll see that it's the same sequence of bytes repeated. That's because here
openssl dgst -sha256 -binary ${file%.*}.zip $file
you are specifying the file twice, once removing the extension and then re-adding it as .zip in ${file%.*}.zip, the other plainly as $file. This results in outputting the concatenated hash for both inputs (that are the same). To fix this, just specify it once:
openssl dgst -sha256 -binary "$file"
(with quotes to avoid problems with whitespace in shell expansion)
Instead of
for file in *.zip; do openssl dgst -sha256 -binary ${file%.*}.zip $file | base64 >> ${file%.*}.zip.base64sha256; done
try
for file in *.zip; do openssl dgst -sha256 -binary ${file%.*}.zip | base64 >> ${file%.*}.zip.base64sha256; done
Related
What if you want to put your ssh private or public key into environment variable and access it on a CI system?
A key looks like this, so how can you convert it in a base64 string without newlines?
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACAICS0Scec9oD2raCs5HoZyQuZCPXJAVZvIJ+OooR0faAAAAJBsx4YgbMeG
IAAAAAtzc2gtZWQyNTUxOQAAACAICS0Scec9oD2raCs5HoZyQuZCPXJAVZvIJ+OooR0faA
AAAEDd1JmV4ligped6DH18jnlyEriUfNve+80vexKOOZjUwQgJLRJx5z2gPatoKzkehnJC
5kI9ckBVm8gn46ihHR9oAAAABmF3c2JvdAECAwQFBgc=
-----END OPENSSH PRIVATE KEY-----
First generate your keys or you can use any existing keys whether it's RSA or ED25519
ssh-keygen -t ed25519 -C "coo#abc.com"
Encode it into base64
cat id_ed25519 | base64 | tr -d \\n
Now you can copy paste the output anywhere you want, this should give you a string with 0 newlines.
To verify
echo your_encoded_string | base64 --decode
You should see the same key as you had in your file.
A quickest way is simply:
cat <filename> | base64 -w 0
my file test.txt contains
checksum test file
when I upload into blob its md5 is
CONTENT-MD5 cvL65GNcvWFoqZUTI5oscw==
when I run in local md5Sum test.txt its value is
72f2fae4635cbd6168a99513239a2c73
As discussed in the comments. Solution from here:
Googled around and found a suggestion to use openssl dgst, and it
worked!
openssl dgst -md5 -binary $filename | base64
Turns out, md5sum returns a hex representation of the hash and I had
to unhex it before computing its base64:
md5sum --binary $filename | awk '{print $1}' | xxd -p -r | base64
I am trying to use certutil with its basic syntax to encode a string that shows me more than what i need. The output of the following
command:
certutil -encode pass.txt
output:
-----BEGIN CERTIFICATE-----
Z29sZGVuZ2F0ZTEyMw==
-----END CERTIFICATE-----
Please tell me how to use certutil command to get rid off these lines
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
OS: Windows 7
certutil -encode pass.txt | grep -v CERTIFICATE will work
edit:
grep -v removes lines that matches the regex provided, so this will remove any line containing the phrase "CERTIFICATE"
I have the two lines in bash
grep -L "BEGIN RSA PRIVATE KEY" *
grep -l "BEGIN RSA PRIVATE KEY" *
And would like to use them in a Python array
I've tried to get it working with a subprocess, but the "*" was not working.
I get a file not found error from grep.
I need to be able to sign a EXE in Linux. Following the directions listed at https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions/Signing_an_executable_with_Authenticode, I was able to get it done using Mono. However, I'm running into problems -- apparently Mono's signcode only supports md5 and sha1 hash algorithm. I'm trying to sign using sha256. Anyone know how I can get this done?
Thanks!
I was unable to find out how to do this with Mono's signcode but this can be done using https://sourceforge.net/projects/osslsigncode/files/osslsigncode/ -- use -h sha2 parameter when signing.
According to the mono documenation following algorithms are supported:
sha1 | md5 | sha2 | sha256 | sha384 | sha512
So the adjusted example from Mozilla would look like this:
signcode \
-spc authenticode.spc \
-v authenticode.pvk \
-a sha256 -$ commercial \
-n My\ Application \
-i http://www.example.com/ \
-t http://timestamp.verisign.com/scripts/timstamp.dll \
-tr 10 \
MyApp.exe```