sffhmac
Generate an MD5, SHA1, SHA224, SHA256, SHA384 or SHA512 signature from input
file or string.
If no file is specified, any string following all the parameters is used
sffhmac -Z sha256 -I 'appid=fip123' -K '7d11beed7346bf00a8c6063dc4003c47' -H -D
++ MD5 - you usually want ALL the data, especially with no trimming of the data
at the end (-x t and -p)
sffhmac -Z md5 -S -b 64 -p -x t -i (filename)
++ For Google Authentication, put the shared secret in a FipHdr field
(Note the shared secret should NOT contain an embedded NUL/zero chr as this
will terminate the string)
sffhmac -Z sha1 -K '\K1' -n 6 -N 8 -z google_otp -I '\A3'
sffhmac -Z sha1 -K '\K1' -n 6 -N 8 -z google_otp -I '\M3'
sffhmac -Z sha1 -K '\K1' -n 6 -N 8 -z google_otp -I '\P3'
+ Parameter file setup/GOOGLE_OTP will have :
; 30 secs
sum:A3:0 (\$p / 30)
sum:M3:0 (\$p / 30) - 1
sum:P3:0 (\$p / 30) + 1
To give an SHA256 hex signature to an empty string, in *nix, use /dev/null (in
Windows create an empty file and use that)
with internal display of workings
sffhmac -Z sha256 -i /dev/null -H -D -S
or a string of ""
sffhmac -Z sha256 -I "" -H -D -S
without internal stuff
sffhmac -Z sha256 -i /dev/null -H -d -S
++ Example of creating/checking a DropBox Content-hash by hand !!
using the dropbox sample jpg
Steps :
1. get data/digest
... loop
.... if no more data - stop
1.a split into 4MB
dd if=dropbox_test_milky-way-nasa.jpg of=part1 bs=1024 count=4096
dd if=dropbox_test_milky-way-nasa.jpg of=part2 bs=1024 count=4096 skip=4096
dd if=dropbox_test_milky-way-nasa.jpg of=part3 bs=1024 count=4096 skip=8192
2. produce digest
sffhmac -p = no parse; -x stcw = input is bin; -B = output is bin; -o
/fip/x/hp99 = digestfile for the split
sffhmac -i part1 -S -Z sha256 -H -d -x stcw -p
2a846fa617c3361fc117e1c5c1e1838c336b6a5cef982c1a2d9bdf68f2f1992a
sffhmac -i part2 -S -Z sha256 -H -d -x stcw -p
c68469027410ea393eba6551b9fa1e26db775f00eae70a0c3c129a0011a39cf9
sffhmac -i part3 -S -Z sha256 -H -d -x stcw -p
7376192de020925ce6c5ef5a8a0405e931b0a9a8c75517aacd9ca24a8a56818b
(These should really be BINARY not HEX output)
sffhmac -i part1 -S -Z sha256 -d -p -x stcw -B -o hp1
2.a concat /fip/x/hp*
cat hp1 hp2 hp3 > hpall
check it IS 96 bytes long
sffdmp -d -D hpall
2.b create hash on the hashes !
sffhmac -i hpall -S -Z sha256 -d -p -x stcw -H
485291fa0ee50c016982abbfa943957bcd231aae0492ccbaa22c58e3997b35e0
3. cleanup - zap all digests and parts in /fip/x
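The same content-hash procedure for a file of any size, as an added Python example (not FingerPost code and not part of sffhmac). The names content_hash and verify_file are assumptions made for this illustration; the check against an expected value uses a constant-time compare.

```python
import hashlib
import hmac
import io

BLOCK_SIZE = 4 * 1024 * 1024  # 4MB, the same split as dd bs=1024 count=4096


def _read_block(stream, size):
    """Read exactly `size` bytes unless EOF comes first (short reads are retried)."""
    chunks, remaining = [], size
    while remaining:
        chunk = stream.read(remaining)
        if not chunk:
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def content_hash(stream, block_size=BLOCK_SIZE):
    """Return the hex content hash of a binary stream, one block at a time."""
    outer = hashlib.sha256()
    while True:
        block = _read_block(stream, block_size)
        if not block:
            break
        # Feed the RAW 32-byte digest (the hp1/hp2/hp3 files), never its hex
        # text: hashing the hex strings gives a different, wrong result.
        outer.update(hashlib.sha256(block).digest())
    return outer.hexdigest()


def verify_file(path, expected_hex):
    """Compare a file's content hash with an expected value in constant time."""
    with open(path, "rb") as fh:
        actual = content_hash(fh)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


if __name__ == "__main__":
    # Constructed sample: 4MB + 1 byte, so two blocks, the second a single byte.
    sample = b"\x00" * BLOCK_SIZE + b"\x01"
    print(content_hash(io.BytesIO(sample)))
```

An empty input produces no blocks, so the result is the plain SHA256 of an empty string.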
Input Variables :
-i : file containing input (binary) no default
a special case is -i stdin meaning 'read data from stdin' - usually a piped
stream
-I : input as a FipSeq string no default
make sure any metachrs are escaped or are in FipSeq as it is parsed
or use -p if input string is binary
-k : file containing a key (binary) no default
-K : key as a FipSeq string no default
make sure any metachrs are escaped or are in FipSeq as it is parsed
or use -P if key is binary
optionals
-a : FipSeq to add BEFORE digest is output default: none
-A : FipSeq to add AFTER digest is output default: none
-B : no conversion of output default: base64
-b 32 or -b 64 output as base 32 or base64 def: base64
-H : convert output to HEX default: base64
-U : if output is Hex, force Upper default: lower case
-d : DO NOT display internal workings default: display just the digest
-D : display internal workings default: display just the digest
-e : extraFipHdr info to add default: none
-E : extraFipHdr info to add from a file default: none
-F : 2 letter FipHdr field to add digest to default: none- FipHdr not changed
-h : strip FipHdr from input file default: fh is also data
-n : nibble size default: no nibble
-l : force length of DATA default: size varies according to string or file
-L : force length of KEY default: size varies according to string or file
-o : output digest to this file default: display just the digest
-O : output data too default: display just the digest
-p : do NOT parse DATA default: DATA is in FipSeq and needs to be parsed
-P : do NOT parse KEY default: KEY is in FipSeq and needs to be parsed
-s : allow spaces in the input data default: all spaces and controls are
zapped (except for NL)
-S : output SHA digest default: HMAC digest
(key is ignored for SHA)
-x : mangle the data (lcase for allow/ ucase for zap) default: sTCw
s/S allow/zap spaces/tabs; n/N newlines; t/T trim leading+trailing white
space; c/C controls; w/W all whitespace
-z : optional parameter file in tables/setup containing fipseq default: none
-Z : type default: sha1
md5 sha1 sha224 sha256 sha384 sha512
-v : display version and exit
Currently this is ONLY on Linux and Unix and not on WINNT.
Version Control
;01i-s 5sep18 ;ij added -S and swopped -K and -k -F -O -p -P -s ; k added -x
cst ;lm minor ;nop bugettes ;q -E /-1 ;r buffers
;01a-h 30dec16 chris original ;c redid doc ;e -I is now parsed ;f b32 ;g
nibbles and -z
(copyright) 2025 and previous years FingerPost Ltd.