온라인 SHA256 해시 생성기

I'm trying to develop some sort of PKI management too with PHP, and I'm finding many issues (partially due documentation) using PHP Openssl.

For example, I learnt via hard way (try-and-error) that PHP openssl doesn't check really for OPENSSL_CONF environment variable, the only real way to use a different config file is to use the $configArray('config' => file_path) argument.

Currently I'm stuck trying to generate a CSR using SHA256 hash method. For the tests I'm using this minimal (but working) openssl.conf configuration:

distinguished_name  = req_distinguished_name[req]default_md          = sha256[req_distinguished_name][end_req_ext]keyUsage                = digitalSignature,keyEnciphermentextendedKeyUsage        = serverAuth,clientAuth

(note that the 'default_md' setting is overriden by the $configArray['digest_alg'] parameter.

I use this code for testing:

$config = array(    'digest_alg' => "sha256",    'private_key_bits' => 384,    'config'    => "/tmp/opensslmy.conf");$dn = array(    "countryName" => "UK",    "stateOrProvinceName" => "Somerset",    "localityName" => "Glastonbury",    "organizationName" => "The Brain Room Limited",    "organizationalUnitName" => "PHP Documentation Team",    "commonName" => "Wez Furlong");$key = openssl_pkey_new($config);if (!$key) {    print "Error on PKEY_NEW: ".openssl_error_string()."\n";    exit(1);}$csr = openssl_csr_new ( $dn , $key, $config );$pem = "";if (openssl_csr_export($csr, $pem)) {    print $pem."\n";} else {    print "Error on CSR_NEW: ".openssl_error_string()."\n";}

It fails:

PHP Warning:  openssl_csr_new(): Error signing request in /home/mark/Desktop/ssltest.php on line 25PHP Warning:  openssl_csr_export() expects parameter 1 to be resource, boolean given in /home/mark/Desktop/ssltest.php on line 27Error on CSR_NEW: error:0E06D06C:configuration file routines:NCONF_get_string:no value

If set the initial $config array 'digest_alg' to either md5 or sha1 it works like a charm and succsfully generates a CSR with the given hash algorithm.

I also tried to remove that 'digest_alg' key from the config array and specify it exclusively in the config file (as for my experience I know even for the openssl req -new command, the -sha256 doesn't work and that is the only way to generate sha256 CSRs)

I'm currently using PHP 5.5.9 and OpenSSL 1.0.1f.

I'm doing something wrong?Too old PHP versions?

I'm building a Facebook Page app in Classic ASP. I've been unable to match the signature that Facebook passes into the app as the first part of the POSTed signed_request.

Because there are few libraries for cryptography in VBScript, I'm using server side Javascript and the crypto-js library from https://code.google.com/archive/p/crypto-js/

I've tried to translate the PHP code example from Facebook's docs at https://developers.facebook.com/docs/games/gamesonfacebook/login#parsingsr into Javascript. I can generate an HMAC SHA256 hash of the signed_request payload but that doesn't match the signed_request signature.

I think the problem is that Facebook's signature is in a different format. It looks to be binary (~1抚Ö.....) while the HMAC SHA256 hash I'm generating is a hexadecimal string (7f7e8f5f.....). In Facebook's PHP example the hash_hmac function uses the raw binary parameter. So I think I need to either convert Facebook's signature to hexadecimal or my signature to binary in order to do an "apples-to-apples" comparison and get a match.

Here's my code:

/* Use the libraries from https://code.google.com/archive/p/crypto-js/crypto-js/crypto-js.min.jscrypto-js/hmac-sha256.min.jscrypto-js/enc-base64.min.js*/var signedRequest = Request.queryString("signed_request")var FB_APP_SECRET = "459f038.....";var arSR = signedRequest.split(".");var encodedSig = arSR[0];var encodedPayload = arSR[1];var payload = base64UrlDecode(encodedPayload);var sig = base64UrlDecode(encodedSig);var expectedSig;expectedSig = CryptoJS.HmacSHA256(encodedPayload, FB_APP_SECRET); // Unaltered payload string; no matchexpectedSig = CryptoJS.HmacSHA256(payload, FB_APP_SECRET); // base64-decoded payload string; no matchif (sig == expectedSig) {    Response.write(payload);} else {    Response.write("Bad signature");}function base64UrlDecode(input) {    // Replace characters and convert from base64.    return Base64.decode(input.replace("-", "+").replace("_", "/"));}

I am taking message and key from this URL

import hmacimport hashlibimport base64my = "/api/embedded_dashboard?data=%7B%22dashboard%22%3A7863%2C%22embed%22%3A%22v2%22%2C%22filters%22%3A%5B%7B%22name%22%3A%22Filter1%22%2C%22value%22%3A%22value1%22%7D%2C%7B%22name%22%3A%22Filter2%22%2C%22value%22%3A%221234%22%7D%5D%7D"key = "e179017a-62b0-4996-8a38-e91aa9f1"print(hashlib.sha256(my + key).hexdigest())

I am getting this result:

2df1d58a56198b2a9267a9955c31291cd454bdb3089a7c42f5d439bbacfb3b88

Expecting result:

adcb671e8e24572464c31e8f9ffc5f638ab302a0b673f72554d3cff96a692740

I would like to calculate SHA256 of large files in PHP. Currently, I am using Amazon Glacier to store old files and their API to upload the archive. Initially, I just used small files that cannot reach to MB-sized images. When I tried to upload more than 1MB, the API response said that the checksum I gave to them is different from what they had calculated.

Here is my code to upload the file:

//get the sha256 using the file path$image = //image path;$sha256 = hash_file("sha256", $image);$archive = $glacier->uploadArchive([        'accountId' => '',         'body' => "",        'checksum' => $sha256,        'contentSHA256' => $sha256,        'sourceFile' => $image,        'vaultName' => 'my-vault'    ]);

And the error:

AWS HTTP error: Client error: `POST https://glacier.us-west-2.amazonaws.com/vaults/70/archives` resulted in a `400 Bad Request` response:{"code":"InvalidParameterValueException","message":"Checksum mismatch: expected 9f1d4da29b6ec24abde48cb65cc32652ff589467 (truncated...)

I tried the function like below to check for the final hash but it seems it's not the right hash when I print it:

private function getFinalHash($file){    $fp = fopen($file, "r");    $ctx = hash_init('sha256');    while (!feof($fp)) {        $buffer = fgets($fp, 1024);        hash_update($ctx, $buffer);    }    $hash = hash_final($ctx, true); print_r($hash);exit;    fclose($fp);}

The resulted hash is like this: ŸM¢›nÂJ½äŒ¶\Ã&RÿX”gíÖ'„IoA\C÷×I presume that the only problem here is getting the final hash of the file. The file size is 5.7 MB.

I think there has something to with the correct way of providing the checksum but I don't know how I should do it with large files. I really need your help.

My go code is producing different sha256sum values than bash commandline. I've read through various questions and answers and they all point to what I've already done, as this community asks me to do before posting

Here's my sha256sum code on go

sha256Key:=verifyEmail+":"+md5password+":"+dateStrhasherSha256 := sha1.New()hasherSha256.Write([]byte(sha256Key))sha256Val:=hex.EncodeToString(hasherSha256.Sum(nil))

And here's my bash script code:

key=$( echo -n "$verifyEmail:$md5PWD:$pwTime" | sha256sum)echo $key

Ive already validated that the keys are the same. One note, my dateStr variable inside go comes from date formatting:

now := time.Now().Unix()rem := now % 3600date := now-rem         dateStr:=strconv.FormatInt(date,10)

Usually I get downvotes so I tried making this question as clear and concise as possible.

Please let me know if im missing anything.

Thanks