sffhmac Generate an MD5, SHA1, SHA224, SHA256, SHA384 or SHA512 signature from input file or string. If no file is specified, any string following all the parameters is used sffhmac -Z sha256 -I 'appid=fip123' -K '7d11beed7346bf00a8c6063dc4003c47' -H -D ++ MD5 - usually want ALL the data - esp not trimming of the data at the end (-x t and -p) sffhmac -Z md5 -S -b 64 -p -x t -i (filename) ++ For Google Authentication, put the shared secret in a FipHdr field (Note the shared secret should NOT contain an embedded NUL/zero chr as this will terminated the string sffhmac -Z sha1 -K '\K1' -n 6 -N 8 -z google_otp -I '\A3' sffhmac -Z sha1 -K '\K1' -n 6 -N 8 -z google_otp -I '\M3' sffhmac -Z sha1 -K '\K1' -n 6 -N 8 -z google_otp -I '\P3' + Paramter file setup/GOOGLE_OTP will have : ; 30 secs sum:A3:0 (\$p / 30) sum:M3:0 (\$p / 30) - 1 sum:P3:0 (\$p / 30) + 1 To give an SHA256 hex signature to an empty string, in *nix, use /dev/null (in Windows create and empty file and use that) with internal display of workings sffhmac -Z sha256 -i /dev/null -H -D -S or a string of "" sffhmac -Z sha256 -I "" -H -D -S without internal stuff sffhmac -Z sha256 -i /dev/null -H -d -S ++ Example of creating/checking a DropBox Content-hash by hand !! using the dropbox sample jpg Steps : 1. get data/digest ... loop .... if no more data - stop 1.a split into 4MB dd if=dropbox_test_milky-way-nasa.jpg of=part1 bs=1024 count=4096 dd if=dropbox_test_milky-way-nasa.jpg of=part2 bs=1024 count=4096 skip=4096 dd if=dropbox_test_milky-way-nasa.jpg of=part3 bs=1024 count=4096 skip=8192 2. produce digest sffhmac -p = no parse; -x stcw = input is bin; -B = output is bin; -o /fip/x/hp99 = digestfile for the split sffhmac -i part1 -S -Z sha256 -H -d -x stcw -p 2a846fa617c3361fc117e1c5c1e1838c336b6a5cef982c1a2d9bdf68f2f1992a sffhmac -i part2 -S -Z sha256 -H -d -x stcw -p c68469027410ea393eba6551b9fa1e26db775f00eae70a0c3c129a0011a39cf9 sffhmac -i part3 -S -Z sha256 -H -d -x stcw -p 7376192de020925ce6c5ef5a8a0405e931b0a9a8c75517aacd9ca24a8a56818b (These should really be BINARY not HEX output) sffhmac -i part1 -S -Z sha256 -d -p -x stcw -B -o hp1 2.a concat /fip/x/hp* cat hp1 hp2 hp3 > hpall check it IS 96 bytes long sffdmp -d -D hpall 2.b create hash on the hashes ! sffhmac -i hpall -S -Z sha256 -d -p -x stcw -H 485291fa0ee50c016982abbfa943957bcd231aae0492ccbaa22c58e3997b35e0. 3. cleanup - zap all digests and parts in /fip/x Input Variables : -i : file containing input (binary) no default a specialcase is -i stdin meaning 'read data from stdin' - usually a piped stream -I : input as a FipSeq string no default make sure any metachrs are escaped or are in FipSeq as it is parsed or use -p if input string is binary -k : file containing a key (binary) no default -K : key as a FipSeq string no default make sure any metachrs are escaped or are in FipSeq as it is parsed or use -P if key is binary optionals -a : FipSeq to add BEFORE digest is output default: none -A : FipSeq to add AFTER digest is output default: none -B : no conversion of output default: base64 -b 32 or -b 64 output as base 32 or base64 def: base64 -H : convert output to HEX default: base64 -U : if output is Hex, force Upper default: lower case -d : DO NOT display internal workings default: display just the digest -D : display internal workings default: display just the digest -e : extraFipHdr info to add default: none -E : extraFipHdr info to add from a file default: none -F : 2 letter FipHdr field to add digest to default: none- FipHdr not changed -h : strip FipHdr from input file default: fh is also data -n : nibble size default: no nibble -l : force length of DATA default: size varies according to string or file -L : force length of KEY default: size varies according to string or file -o : output digest to this file default: display just the digest -O : output data too default: display just the digest -p : do NOT parse DATA default: DATA is in FipSeq and needs to be parsed -P : do NOT parse KEY default: KEY is in FipSeq and needs to be parsed -s : allow spaces in the input data default: all spaces and controls are zapped (except for NL) -S : output SHA digest default: HMAC digest (key is ignored for SHA) -x : mangle the data (lcase for allow/ ucase for zap) default: sTCw s/S allow/zap spaces/tabs; n/N newlines; t/T trim leading+trailing white space; c/C controls; w/W all whitespace -z : optional parameter file in tables/setup containing fipseq default: none -Z : type default: sha1 md5 sha1 sha224 sha256 sha384 sha512 -v : display version and exit Currently this is ONLY on Linux and Unix and not on WINNT. Version Control ;01i-s 5sep18 ;ij added -S and swopped -K and -k -F -O -p -P -s ; k added -x cst ;lm minor ;nop bugettes ;q -E /-1 ;r buffers ;01a-h 30dec16 chris original ;c redid doc ;e -I is now parsed ;f b32 ;g nibbles and -z (copyright) 2024 and previous years FingerPost Ltd.