I'am looking for a tool that can compute a AES128 CMAC as a command line. Openssl does not seem to offer this feature with the command line. Did I miss something, or do you know a command line tool that can perform this computation?
Using newer OpenSSL (1.0.1 I think), you could do:
openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:11223344556677889900112233445566 -sha1 <file>
Choose the cipher with -macopt cipher:<cipher> option and the hash with -<hash>.
[sweep over old questions]
Looked in source of openssl, but could not find it either. There is a patch available for openssl (search for peter, ibm and openssl) but you will have to test it against the latest and rebuild. OpenSSL is a very useful but horribly maintained library/tool.
If there is another tool that does AES/CMAC, it's very good at hiding as well.
Related
I am performing a code signing using osslsigncode. I wanted to know if there was a way to overwrite the file being signed using the same name instead of creating a new one? I tried using the same name however I get an error saying file exists.
Current command:
osslsigncode sign -pkcs12 "./my.pfx" -pass "${CERT_PASS}" -in "/app/out/my.dll" -out "/app/out/mySigned.dll"
What I would like(overwriting the file passed in):
osslsigncode sign -pkcs12 "./my.pfx" -pass "${CERT_PASS}" -in "/app/out/my.dll" -out "/app/out/my.dll"
It is not implemented in osslsigncode and the maintainer is not going to support inplace signing yet. The fastest workaround is the rename/remove cycle.
In Node.js I use following code
hash = crypto.createHmac('sha256', SECRET).update(file).digest('hex');
to calculate HMAC. However Linux command line analog produces different hash code:
> openssl sha256 -hmac "SECRET" file
What is wrong in command line? What are correct arguments?
I need to call openssl from a binary, I wrote xml text in a popen( ) call to a script embedding openssl
I get a problem if my binary fails during writing, openssl ends succesfully to write my file, but when I decode I get a truncated file.
I would like to check at the end of openssl call if the received stream ends with "< /myEndTag>"
Context: my binary must never write a file not encrypted, I would like not to openssl decode
here is an example, to illustrate (thanks to comments, this is not a valid statement, just a way to make you get an idea):
echo "blablaf foo bar" | openssl -out file.crypt | grep -E "bar$"
then, if grep has found "bar$", my file.crypt is good
I found a solution fitting my needs:
my script now use a tee to tail before openssl
tee >(tail -n2 > ${checkfile} ) | /usr/bin/openssl enc -aes-256-cbc -out ${outfile} -e -K ${KEY} -iv ${KEYOPTION}
grepping my end xml tag in the checkfile which only contains 2 lines is secure enough.
As I mentionned, checking openssl return code is not enough since I write to openssl via a popen statement.
If my binary hangs while he is writing, it seems the streams goes to openssl, which find his end, no matter if it's the real end or a broken stream. openssl finely make a valid encrypted output file with the truncated content.
I'am facing a problem, in AIX platform, we use a command to generate checksum:
Sample:
exec 0<list
while read line
do
openssl md5 $line >> checksum.out
done
But this last for a long time. I find out that our cpus still have free resources.
It's the openssl md5 running multithread? If not how can I let it run by multithread, or using other method to speed up it.
Best Regards
Void
If I understand correctly from the answer and comments of this question, it can't be done as there are dependencies between the steps in the hashing algorithm (and I guess OpenSSL would have a multithreaded implementation if it was generally possible).
However you could always parallelize the tasks by starting n instances of openssl md5 in parallel.
For example (assuming n = 4 threads)
while read line; do
openssl md5 $line >> checksum.out0 &
openssl md5 $(read) >> checksum.out1 &
openssl md5 $(read) >> checksum.out2 &
openssl md5 $(read) >> checksum.out3
done
The last one should not run in the background if you want to keep the exact number of threads running at the same time. Also you may want to make sure that the different lines take about the same time to complete so you don't end up with race conditions.
Also this example is not really tested (using $(read)), and there are probably better ways to do it (for example let each instance write its output to a separate file and then concatenate them all afterwards - e.g. cat checksum.out* > checksum.out), but it should be enough of an idea to help you get started.
EDIT:
I just tested and read works the way I hoped, so by making a new output file for each instance of openssl md5 with incremented numbers at the end (for example by including a counter variable) you can just add an extra line at the end of the script to cat the outputs into a single file.
Resulting script:
exec 0<list
COUNT=0
while read line; do
openssl md5 $line >> checksum.out$((COUNT++)) &
openssl md5 $(read) >> checksum.out$((COUNT++)) &
openssl md5 $(read) >> checksum.out$((COUNT++)) &
openssl md5 $(read) >> checksum.out$((COUNT++))
done
cat checksum.out* > checksum.out
Should do the trick (just remember to clean up all the temporary files afterwards...)
I'm trying to get the MD5 of the specified Java package by going through: http://www.oracle.com/technetwork/java/javase/downloads/java-se-binaries-checksum-1956892.html
However, that entire table is just a one-liner in the HTML code, so that makes it a little trickier.
Since you have tagded your question with sed, grep, etc. I am assuming you'll do it from Linux. So you can use Perl's one liner for this.
perl -MLWP::Simple -e "$\ = $/; print for get('http://www.oracle.com/technetwork/java/javase/downloads/java-se-binaries-checksum-1956892.html') =~ m|<td>([a-f0-9]{32})</td>|g;"
This is first downloading the html into $_ variable. Then its parsing the hash from the <td> tags using regex. Pretty simple, yet powerful!
This is from your request, using curl + gnu grep
curl -s http://www.oracle.com/technetwork/java/javase/downloads/java-se-binaries-checksum-1956892.html|grep -Po '(?<=<td>)[a-f0-9]{32}'
Explanation
curl command will get the hmtl to stout and pipe to grep command
grep -Po '(?<=<td>)[a-f0-9]{32}' is a positive look-behind assertion, get only md5 sum. It should be supported in JAVA as well.
For your new request, I recommend to use lynx (text-based web browser). So if you have it ready, run this command:
lynx -dump http://www.oracle.com/technetwork/java/javase/downloads/java-se-binaries-checksum-1956892.html |grep jdk-7u51-solaris-sparc.tar.Z
jdk-7u51-solaris-sparc.tar.Z eb2ebfe3217d306f0ee549edc1875a93
explanation
1) lynx is text-base web browser, here are its homepage and related introduces.
http://lynx.isc.org/lynx2.8.7/index.html
http://en.wikipedia.org/wiki/Lynx_(web_browser)
http://en.wikipedia.org/wiki/Text-based_web_browser
2) lynx with -dump option will take a snapshot on that webpage with reserved format. I used it as html2txt tool. Here is the sample webpage for your reference.
Java SE Binaries Checksum
Checksum for Java SE 7u51 binaries
Filename MD5 Checksum
jdk-7u51-linux-arm-vfp-hflt.tar.gz 80e14facc0aa784f44d8f142025dd020
jdk-7u51-linux-arm-vfp-sflt.tar.gz a2965bc7591a257da8c09772f15f6195
jdk-7u51-linux-i586.rpm 457fb449a4486860ec5bde6c28ce8ec4
jdk-7u51-linux-i586.tar.gz 909d353c1caf6b3b54cc20767a7778ef
jdk-7u51-linux-x64.rpm c523e7339d925c1e6c5994813f7c9e86
jdk-7u51-linux-x64.tar.gz 764f96c4b078b80adaa5983e75470ff2
jdk-7u51-macosx-x64.dmg 73e9cc08d590021706e117c81bc9a4a9
jdk-7u51-solaris-i586.tar.Z 9127418718bec67a4146c5dc1da15155
jdk-7u51-solaris-i586.tar.gz cd914ce06ff537a3acb249d23baf6244
jdk-7u51-solaris-x64.tar.Z 5ee1d6b0d607f80ac0e376485d70e9e4
jdk-7u51-solaris-x64.tar.gz 6e00698dc72b707580f11c4e0288ab2b
jdk-7u51-solaris-sparc.tar.Z eb2ebfe3217d306f0ee549edc1875a93
jdk-7u51-solaris-sparc.tar.gz 60bdb8a9b19db80848d8b6c27466276b
jdk-7u51-solaris-sparcv9.tar.Z 9da60e11238b288a5339688acd64abe0
jdk-7u51-solaris-sparcv9.tar.gz 1cb3c5e8cdcad6c9bfaffc3874187786
jdk-7u51-windows-i586.exe 121b2a740e18bc00b0e13f4537e5f1bc
jdk-7u51-windows-x64.exe d1367410be659f1b47e554e7bd011ea0
jre-7u51-linux-i586.rpm 28d0ee36020023904e64afeebc9555cc
jre-7u51-linux-i586.tar.gz f133f125ca93acef3f70d1912cc2f4b0
jre-7u51-linux-x64.rpm d914baffa3cb378a6054969d7d9bbbd0
jre-7u51-linux-x64.tar.gz 1f6a93cc5ef5f66bb01bc39fd731cd9f
jre-7u51-macosx-x64.dmg b66f5af9e3607dc5727f752a9d28b7fd
jre-7u51-macosx-x64.tar.gz cbd57817ea302be8b2c44968e130bb9b
jre-7u51-solaris-i586.tar.gz 61c5daacea83dc1b267e84bf21e22645
jre-7u51-solaris-x64.tar.gz f03c4d69124f0595db32e20f2aa517f2
jre-7u51-solaris-sparc.tar.gz f9b459dabd97428e95275e259422d6a7
jre-7u51-solaris-sparcv9.tar.gz 32cb98b794bc01ca79f1b6e51fe09c9c
jre-7u51-windows-i586-iftw.exe 5e8cb14f5264af82f66008306e56eaa8
jre-7u51-windows-i586.exe 1af9e2aa8264b023404a76d3fb6751fe
jre-7u51-windows-i586.tar.gz 3921c19528d180902939b9f4c9ac92f1
jre-7u51-windows-x64.exe b0f3a9c0f4c2c66127223ba3644b54f6
jre-7u51-windows-x64.tar.gz 1931de2341f22408be9d6639205675c9
server-jre-7u51-linux-x64.tar.gz c5a034f4222bac326101799bcb20509c
server-jre-7u51-solaris-i586.tar.gz 955d2884960124e93699008236d736fe
server-jre-7u51-solaris-x64.tar.gz b858f9326986cfc7f7cceb4b166c0bfa
server-jre-7u51-solaris-sparc.tar.gz 04c708b162e6210b546b0eef188d4adb
server-jre-7u51-solaris-sparcv9.tar.gz 7ae0e51f5836289d71ad614326c5e9c8
server-jre-7u51-windows-x64.tar.gz 4d9855b5b54cbae9d04318eae9b8e11e
Use the md5sum command line utility on Linux to verify the integrity of
the downloaded file.
Use the md5 command line utility on Mac OS X to verify the integrity of
the downloaded file
See the following articles for guidance on how to verify these
checksums on other platforms:
* Microsoft Windows: [29]Availability and description of the File
Checksum Integrity Verifier utility
Left Curve
Java SDKs and Tools
Right Curve
[30]Java SE
[31]Java EE and Glassfish
[32]Java ME
[33]JavaFX
[34]Java Card
[35]NetBeans IDE
[36]Java Mission Control
Left Curve
Java Resources
Finally went with sed:
$ curl -s http://www.oracle.com/technetwork/java/javase/downloads/javase8-binaries-checksum-2133161.html | sed -nr 's|.*>jdk-8-linux-x64.tar.gz</td><td>(<*[^<]*).*|\1|p'
7e9e5e5229c6603a4d8476050bbd98b1