当前位置: 文江博客话题详情

bash 中的 HMAC-SHA1

发布于 2024-12-02 19:27:05 字数 140 浏览 1 评论 0原文

是否有 bash 脚本来生成 HMAC-SHA1 哈希值?

我正在寻找与以下 PHP 代码等效的内容:

hash_hmac("sha1", "value", "key");
原文

Is there a bash script to generate a HMAC-SHA1 hash?

I'm looking for something equivalent to the following PHP code:

hash_hmac("sha1", "value", "key");

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

苏别ゝ 2024-12-09 19:27:05

我意识到这并不完全是您所要求的,但是重新发明轮子并编写 bash 版本是没有意义的。

您只需使用 openssl命令在脚本中生成哈希值。

[me@home] echo -n "value" | openssl dgst -sha1 -hmac "key"
57443a4c052350a44638835d64fd66822f813319

或者简单地说:

[me@home] echo -n "value" | openssl sha1 -hmac "key"
57443a4c052350a44638835d64fd66822f813319

记住将 -necho 一起使用,否则换行符会附加到字符串中,从而更改您的数据和哈希值。

该命令来自 OpenSSL 软件包,该软件包应该已经安装(或轻松安装)在您选择的 Linux/Unix、Cygwin 等操作系统中。

请注意,旧版本的 openssl(例如随 RHEL4 附带的版本)可能不提供 -hmac 选项。

作为替代解决方案,但主要是为了证明结果是相同的,我们还可以从命令行调用 PHP 的 hmac_sha1()

[me@home]$ echo '<?= hash_hmac("sha1", "value", "key") ?>' | php
57443a4c052350a44638835d64fd66822f813319

I realise this isn't exactly what you're asking for, but there's no point in reinventing the wheel and writing a bash version.

You can simply use the openssl command to generate the hash within your script.

[me@home] echo -n "value" | openssl dgst -sha1 -hmac "key"
57443a4c052350a44638835d64fd66822f813319

Or simply:

[me@home] echo -n "value" | openssl sha1 -hmac "key"
57443a4c052350a44638835d64fd66822f813319

Remember to use -n with echo or else a line break character is appended to the string and that changes your data and the hash.

That command comes from the OpenSSL package which should already be installed (or easily installed) in your choice of Linux/Unix, Cygwin and the likes.

Do note that older versions of openssl (such as that shipped with RHEL4) may not provide the -hmac option.

As an alternative solution, but mainly to prove that the results are the same, we can also call PHP's hmac_sha1() from the command line:

[me@home]$ echo '<?= hash_hmac("sha1", "value", "key") ?>' | php
57443a4c052350a44638835d64fd66822f813319
回复 原文
所有深爱都是秘密 2024-12-09 19:27:05

这是一个 bash 函数,其工作方式类似于 PHP 中的 hash_hmac

#!/bin/bash

function hash_hmac {
  digest="$1"
  data="$2"
  key="$3"
  shift 3
  echo -n "$data" | openssl dgst "-$digest" -hmac "$key" "$@"
}

# hex output by default
hash_hmac "sha1" "value" "key"

# raw output by adding the "-binary" flag
hash_hmac "sha1" "value" "key" -binary | base64

# other algos also work
hash_hmac "md5"  "value" "key"

Here is a bash function that works like hash_hmac from PHP:

#!/bin/bash

function hash_hmac {
  digest="$1"
  data="$2"
  key="$3"
  shift 3
  echo -n "$data" | openssl dgst "-$digest" -hmac "$key" "$@"
}

# hex output by default
hash_hmac "sha1" "value" "key"

# raw output by adding the "-binary" flag
hash_hmac "sha1" "value" "key" -binary | base64

# other algos also work
hash_hmac "md5"  "value" "key"
回复 原文
原来是傀儡 2024-12-09 19:27:05

感谢 hash_hmac 函数!但这对于我的申请来说还不够。如果有人想知道,我必须使用先前哈希结果的密钥对内容进行多次重新哈希,因此是二进制输入。 (Amazon AWS 身份验证签名是这样创建的。)

因此,我需要一种以不会破坏算法的方式提供二进制密钥的方法。然后我发现了这个: http: //openssl.6102.n7.nabble.com/command-line-hmac-with-key-in-hex-td6754.html

斯蒂芬Henson 的回复要求 hash_hmac 函数返回十六进制格式的值。因此它需要回显以下内容:

$ echo -n "$data" | openssl dgst "-$digest" -hmac "$key" | sed -e 's/^.* //'

然后下一个调用需要提供密钥作为十六进制:

$ echo -n "$data" | openssl dgst "-$digest" -mac HMAC -macopt "hexkey:$key" | sed -e 's/^.* //'

希望这可以帮助任何人,可能是那些试图创建 bash 脚本以使 AWS 上的 CloudFront 条目无效的人(就像我一样!)(我还没有还没有测试过,但我认为这就是为什么我的 bash 脚本不起作用,而我的 PHP 脚本却起作用的原因......)

Thanks for the hash_hmac function! But it was not enough for my application. In case anyone wondered, I had to re-hash stuff several times using a key that was the result of the previous hashing, and therefore is a binary input. (The Amazon AWS authentication signature is created like this.)

So what I needed was a way to supply the binary key in some way that would not break the algorithm. Then I found this: http://openssl.6102.n7.nabble.com/command-line-hmac-with-key-in-hex-td6754.html

Stephen Henson's reply requires the hash_hmac function to return the value in hex format. So it needs to echo the following:

$ echo -n "$data" | openssl dgst "-$digest" -hmac "$key" | sed -e 's/^.* //'

Then the next call would need to provide the key as an hexit:

$ echo -n "$data" | openssl dgst "-$digest" -mac HMAC -macopt "hexkey:$key" | sed -e 's/^.* //'

Hopefully this helps anyone, probably someone who is trying to create bash scripts to invalidate CloudFront entries on AWS (like me!) (I haven't tested it yet, but I think this is the thing that is the cause of why my bash script does not work, and my PHP one does...)

回复 原文
深白境迁sunset 2024-12-09 19:27:05

安装了node.js后,您可以使用 HMAC-CLI 工具:

npx hmac-cli generate 'value' -h sha1 -s key

返回:

57443a4c052350a44638835d64fd66822f813319

Having node.js installed you can use HMAC-CLI tool:

npx hmac-cli generate 'value' -h sha1 -s key

returns:

57443a4c052350a44638835d64fd66822f813319
回复 原文
舟遥客 2024-12-09 19:27:05

对于那些喜欢在命令行上探索更多 JWT 的人:
酷jwt bash脚本

To those who like to explore more JWT on the command line:
cool jwt bash script

回复 原文
~没有更多了~

关于作者

知足的幸福

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文