I want to encrypt "hello" text using "123456789" key with AES-128 bit encryption cipher, so i go to https://aesencryption.net/ site and tried to encrypt. It gives me result in base64 as 44VUz6QR9WOx3tIzrTVKIg==
Now on linux machine i tried same with openssl cli (with hex converted key and without hex), but it doesnt produce the same result as above website.
echo -n "hello" | ./openssl aes-128-cbc -K 313233343536373839 -iv 00000000000000000000000000000000 -a
OUTPUT:hd7d6N4iUsaeFnp76ZgnmA==
echo -n "hello" | ./openssl aes-128-cbc -k 123456789 -iv 00000000000000000000000000000000 -a -nosalt
OUTPUT: U7lXytP7pnVcOPwi8Hjd7A==
So anyone tell me what am i missing?
I have a shell script where a file path $path have some text which I encrypt as below and it works:
content_sha256="$(openssl dgst -binary -sha256 < $path | openssl enc -e -base64)";
The value of variable content_sha256 works correctly.
Now, I have a string $body which I want to encrypt. I am trying below but it gives me entirely different result.
content_sha256="$(echo $body | openssl dgst -sha256 | openssl enc -e -base64)";
Am I piping something wrong or option for openssl should be different?
Correct answer below
content_sha256="$(echo $body | openssl dgst -binary -sha256 | openssl enc -e -base64)";
Points to note:
Include -binary option.
Instead of redirection of file content as input, use echo $body with pipe .
I'm creating a script in bash that uses the command:
openssl x509 -in <cert> -noout -text | grep 'Issuer\|Not After' | sed -e 's/^[ \t]*//'
and check all certificate files in the directory, I used the command
ls -l | grep .crt | cut -d " " -f11 > test.txt
to get the following certificate list:
client.crt
client1.crt
client12.crt
client2.crt
client3.crt
server12.crt
server2.crt
however when I run:
for i in test.txt;do openssl x509 -in $i -noout -text | grep 'Issuer|Not After' | sed -e 's/^[ \t]*//';done
I get the following output:
unable to load certificate
140075503359296:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
You're not iterating over the files listed in your test.txt, your executing openssl against that very file.
What you really want to do is this:
while read -r i
do
openssl x509 -in "$i" -noout -text | grep 'Issuer|Not After' | sed -e 's/^[ \t]*//'
done < test.txt
P.S.: I did not verify that your openssl magic works, just fixed the loop logic.
I'm trying to use openssl to decrypt files. I can successfully encrypt them in a loop, but when I try to change the command to make it decrypt, I get "error reading input file."
for f in /dir1/dir2/*.txt ;
do [ -f $f ] && openssl aes-256-cbc enc -in $f -out $f.enc -k PASSWORD ;
done
!the above works for encrypting
for f in /dir1/dir2/*.txt.enc ;
do [ -f $f ] && openssl enc -d -aes-256-cbc -k PASSWORD -in $f -out $f;
done
"error reading input file"
So I've tried making the input file $f.txt.enc, and $f.enc, and similar fiddling with the outfile. No luck.
I think your encoding line has problem, missing - in front of the aes part ... for reference here are lines that work for me:
openssl enc -aes-256-cbc -in $f -out $f.enc -k PASSWORD
openssl enc -aes-256-cbc -d -in $f.enc -out $f.dec -k PASSWORD
I know the string "foobar" generates the SHA-256 hash c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2 using
http://hash.online-convert.com/sha256-generator
However the command line shell:
hendry#x201 ~$ echo foobar | sha256sum
aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f -
Generates a different hash. What am I missing?
echo will normally output a newline, which is suppressed with -n. Try this:
echo -n foobar | sha256sum
If you have installed openssl, you can use:
echo -n "foobar" | openssl dgst -sha256
For other algorithms you can replace -sha256 with -md4, -md5, -ripemd160, -sha, -sha1, -sha224, -sha384, -sha512 or -whirlpool.
If the command sha256sum is not available (on Mac OS X v10.9 (Mavericks) for example), you can use:
echo -n "foobar" | shasum -a 256
echo -n works and is unlikely to ever disappear due to massive historical usage, however per recent versions of the POSIX standard, new conforming applications are "encouraged to use printf".
echo produces a trailing newline character which is hashed too. Try:
/bin/echo -n foobar | sha256sum
For the sha256 hash in base64, use:
echo -n foo | openssl dgst -binary -sha256 | openssl base64
Example
echo -n foo | openssl dgst -binary -sha256 | openssl base64
C+7Hteo/D9vJXQ3UfzxbwnXaijM=
Use printf instead of echo to avoid adding an extra newline.
printf foobar | sha256sum
For an arbitrary string, the %s format specifier should be used.
printf '%s' 'somestring' | sha256sum
I believe that echo outputs a trailing newline. Try using -n as a parameter to echo to skip the newline.