openssl generating SHA-256

I’m trying to use openssl to create a cryptographic hash of a file using HMAC-SHA-256. I’m confused as to why I’m seeing a ‘no such file or directory’ error on the output.

The key I’m using is in a file called mykey.txt.

This is my command:

openssl dgst -sha256 -hmac -hex hexkey:$(cat mykey.txt) -out hmac.txt /bin/ps

And the output

enter image description here

Here is Solutions:

We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.

Solution 1

-hmac takes the key as an argument (see manual), so your command asks for an HMAC using the key -hex. hexkey:... is taken as a filename, since it doesn’t start with a dash, and openssl doesn’t take options after filenames, so the following -out is also a filename.

To get the HMAC with a key given as a hex string, you’ll need to use -mac hmac and -macopt hexkey:<key>. Note that using -hmac <key> and
-mac hmac together doesn’t work, and -macopt requires -mac hmac.

Test:

openssl dgst -sha256 -hmac abc <<< "message"
openssl dgst -sha256 -hmac abc -macopt hexkey:12345678 <<< "message"
openssl dgst -sha256 -mac hmac -macopt hexkey:616263 <<< "message"
perl -MDigest::HMAC=hmac_hex -MDigest::SHA=sha256 \
    -le 'print(hmac_hex("message\n", "abc", \&sha256))'

All give the hash 99592e56fcde028fb41882668b0cbfa0119116f9cf111d285f5cedb000cfc45a which agrees with a random online HMAC calculator for message message\n, key abc or 616263 in hex. (Note the newline at the end of message here.)

So, it seems you’d probably want

openssl dgst -sha256 -mac hmac -macopt hexkey:$(cat mykey.txt) -out hmac.txt /bin/ps

Since we’re talking about cryptography, which is hard; and OpenSSL, which doesn’t always have the most easy-to-use interfaces, I would suggest also verifying everything yourself, at least twice, instead of taking my word for it.

Solution 2

openssl dgst -sha256 -hmac -hex -macopt hexkey:$(cat mykey.txt) -out hmac.txt /bin/ps

Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply