How to get SHA1 sum of localhost.pub using system tools?


Aleksey Tsalolikhin

Aug 29, 2017, 10:36:56 PM
to help-cfengine
Hello,

I just noticed that the SHA sum of localhost.pub made using sha1sum doesn't match what "cf-key -p" returns.

I had a look at HashPubKey in libpromises/files_hashes.c but the C in there was over my head (same for libutils/hash.c).

Is there any way to get the SHA sum of localhost.pub with system tools?  Just curious.  (Actually, I'm putting together an introductory CFEngine training for system operators.)

Is there a way to do it using openssl on the command line?

Thanks,
Aleksey

-- 
Achieve real learning.  Email trai...@verticalsysadmin.com.

Eystein Måløy Stenberg

Aug 30, 2017, 12:26:17 PM
to help-c...@googlegroups.com
Hi,

It is not SHA-1, but SHA-256 (Enterprise) or MD5 (community).

However, I still don't think system tools would work easily because I
believe the hashing is done on the binary representation, not the ASCII
representation in the file.

As a workaround you could grab a static build of CFEngine and run
cf-promises --show-vars | grep SHA. There are static builds published
for every release of CFEngine community and enterprise. They will work
on almost every Linux distribution (except extremely old ones).

Search for "Linux binary tarball" in Enterprise [1] or Community [2]
download pages.

[1] https://cfengine.com/product/free-download/
[2] https://cfengine.com/product/community/

--

Eystein

Dimitrios Apostolou

Sep 19, 2017, 12:11:51 PM
to Aleksey Tsalolikhin, help-cfengine
Hi Aleksey. The SHA256 hash that you see in enterprise is a hash of the binary representation of the modulus and the exponent as seen with the command:

openssl rsa  -RSAPublicKey_in -in /var/cfengine/ppkeys/localhost.pub -text

You'll need a bit of coding to convert hex of the modulus to raw binary, and then decimal of the exponent to raw binary, and concatenate the two.

Regards,
Dimitris
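
Added example (not part of the original thread and not CFEngine's own code): a Python version of the computation described in the reply above, reading the modulus and exponent directly from the PEM file rather than from the openssl text output. It assumes both integers are hashed as big-endian bytes without leading zero padding, modulus first; all function names are hypothetical and the sample key is a constructed toy value.

```python
import base64
import hashlib

PEM_HEAD = "-----BEGIN RSA PUBLIC KEY-----"
PEM_TAIL = "-----END RSA PUBLIC KEY-----"

def read_tlv(buf, pos, tag):
    """Read one DER element with the given tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def parse_rsa_public_key(pem):
    """Return (modulus, exponent) from a PKCS#1 RSAPublicKey PEM string."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != PEM_HEAD or lines[-1] != PEM_TAIL:
        raise ValueError("not an 'RSA PUBLIC KEY' PEM block")
    der = base64.b64decode("".join(lines[1:-1]))
    seq, _ = read_tlv(der, 0, 0x30)        # SEQUENCE
    n_raw, pos = read_tlv(seq, 0, 0x02)    # INTEGER modulus
    e_raw, _ = read_tlv(seq, pos, 0x02)    # INTEGER publicExponent
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def raw_bytes(value):
    """Big-endian bytes without the sign-padding zero DER may add (assumption)."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def key_digest(pem, algo="sha256"):
    """Hash modulus bytes followed by exponent bytes, as the reply describes."""
    n, e = parse_rsa_public_key(pem)
    return hashlib.new(algo, raw_bytes(n) + raw_bytes(e)).hexdigest()

# Constructed toy key (n = 0xB5A7, e = 65537), not a usable RSA key.
SAMPLE_DER = bytes.fromhex("30 0a 02 03 00 b5 a7 02 03 01 00 01")
SAMPLE_PEM = "\n".join([PEM_HEAD, base64.b64encode(SAMPLE_DER).decode(), PEM_TAIL])

if __name__ == "__main__":
    print(parse_rsa_public_key(SAMPLE_PEM))
    print(key_digest(SAMPLE_PEM))
```

To check a real key, pass the contents of /var/cfengine/ppkeys/localhost.pub to `key_digest` (with `algo="md5"` for community, per the earlier reply) and compare the result with what "cf-key -p" reports.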


Aleksey Tsalolikhin

Sep 19, 2017, 3:26:48 PM
to Dimitrios Apostolou, help-cfengine
Yay!  Thank you gentlemen.  =)