Openssl Md5 Example


Example of a secure server-client program using OpenSSL in C. In this example code, we will create a secure connection between client and server using the TLS 1.2 protocol. In this communication, the client sends the server an XML request that contains the username and password.

OpenSSL is a program and library that supports many different cryptographic operations, including:

  • Symmetric key encryption
  • Public/private key pair generation
  • Public key encryption
  • Hash functions
  • Certificate creation
  • Digital signatures
  • Random number generation

$ openssl sha1 filename
SHA1 (filename)= e83a42b9bc84be50b6341a35d3dceb
$ openssl md5 filename
MD5 (filename)= 26e9855f8ad6a5906fea121283c729c4

As in my previous “GnuPG Hacks” article, the above examples use a file that contains the string: “The Linux Journal ”. Note that there is no period in the string.

Poco MD5 Example. Example of an MD5 calculation app using the POCO C++ libraries installed with the Conan C/C++ package manager. Compiling steps:

  1. Create a build directory: $ mkdir build && cd build
  2. Install dependencies (Poco - OpenSSL - zlib): $ conan install.
  3. Configure the CMake project (using MSVC 15 in this example): $ cmake.

Each of the operations supported by OpenSSL has a variety of options, such as input/output files, algorithms, algorithm parameters and formats. This article aims to give a demonstration of some simple and common operations.

To start learning the details of OpenSSL, read the man page, i.e. man openssl. You'll soon learn that each of the operations (or commands) has its own man page. For example, the operation of symmetric key encryption is enc, which is described in man enc. Although it is good to read the man pages, in my (and others') experience, the man pages of OpenSSL can be very detailed, hard to follow, confusing and out of date. So hopefully this article will make life easier for those getting started.

There are other websites that give an overview of OpenSSL operations, as well as programming with the API. I used some of them to write the following notes. Check them out for more details.

Initial Steps

Let's first determine the current versions of Ubuntu, Linux and OpenSSL I am using:

If you are using different versions, then there is still a very good chance that all the following commands will work. In the past I have had problems with different versions of OpenSSL, but only for very specific operations.

Update (2013-08-02): I just tested on an Apple iMac using OS X 10.8.4 and OpenSSL version 0.9.8x 10 May 2012. Most operations worked. See my additional comments at the end of this article if you are using a similar version of OpenSSL.

As input plaintext I will copy some files on Ubuntu Linux into my home directory. You don't need to do this if you already have some files to encrypt. It doesn't matter what files you use. I have chosen the following three, and will rename them simply to plaintext1.in, plaintext2.in, plaintext3.in:

  1. /usr/share/dict/words - a large text file containing a list of words, i.e. a dictionary
  2. /usr/bin/openssl - the binary for the program OpenSSL
  3. /etc/legal - a short text file containing the Ubuntu legal notice

Symmetric Key Encryption

The most common cryptographic operation is encryption. Let's encrypt some files using selected symmetric key (conventional) ciphers such as DES, 3DES and AES.

Symmetric key encryption is performed using the enc operation of OpenSSL. To encrypt we need to choose a cipher. A list of supported ciphers can be found using:

The lowercase seed is an alias for the actual cipher SEED-CBC, i.e. SEED using CBC mode of operation. You can use the cipher names in either lowercase or uppercase.

Now let's encrypt using DES and ECB, creating an output file ciphertext1.bin. Enter a password when prompted - OpenSSL will automatically convert it to a key appropriate for DES:

To decrypt, include the -d option:

The lack of output from the diff indicates the files plaintext1.in and plaintext1.out are identical. We've retrieved the original plaintext.

xxd was used to view the first 96 bytes, in hexadecimal, of the ciphertext. The first 8 bytes contain the special string Salted__, meaning the DES key was generated using a password and a salt. The salt is stored in the next 8 bytes of ciphertext, i.e. the value f2538361b87d1a3e in hexadecimal. So when decrypting, the user supplies the password and OpenSSL combines it with the salt to determine the 64 bit DES key.
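The header layout and key derivation described above can be reproduced outside OpenSSL. The following Python sketch is an added example, not code from the original article: it parses the Salted__ header and derives the key with the single-iteration EVP_BytesToKey scheme, assuming the MD5 default digest of OpenSSL releases before 1.1.0 (later releases default to SHA-256). The password and the ciphertext body in the sample are constructed; only the salt value comes from the text.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker `openssl enc` writes when the key comes from a password


def parse_salted(blob: bytes):
    """Split `openssl enc` output into (salt, ciphertext body)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header: key was not derived from a password and salt")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int,
                     digest: str = "md5"):
    """EVP_BytesToKey with one iteration: D_i = H(D_{i-1} || password || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


# Constructed sample: the header with the salt quoted in the text, then 16 dummy bytes
SAMPLE = MAGIC + bytes.fromhex("f2538361b87d1a3e") + bytes(16)

if __name__ == "__main__":
    salt, body = parse_salted(SAMPLE)
    # DES in ECB mode needs an 8-byte key and no IV; b"password" is a constructed value
    key, iv = evp_bytes_to_key(b"password", salt, key_len=8, iv_len=0)
    print("salt:", salt.hex(), "DES key:", key.hex(), "body bytes:", len(body))
```

Because the derivation is a single hash of password and salt, testing a candidate password costs one digest computation, so the strength of the ciphertext rests on the password; OpenSSL 1.1.1 and later offer the -pbkdf2 option of enc for an iterated derivation.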

Let's try an example where we select a key. I will use AES with a 128 bit key and Counter (CTR) mode of operation. In addition to the key, an initialisation vector (IV) is needed.

Both the Key (note the uppercase -K) and IV were specified on the command line as a hexadecimal string. With AES-128, they must be 32 hex digits (128 bits). You may choose any value you wish.

Public Key Encryption, Certificates and Digital Signatures

I have written several guides that introduce topics related to public key cryptography, including:

Hash Functions

Hash functions (like MD5 and SHA) as well as MAC functions (e.g. using HMAC) are available via the message digest (dgst) operation of OpenSSL. To list the available algorithms:

Calculate the MD5 hash of a file:

Now create a new file, slightly different from the previous and see that the MD5 hash is significantly different:

Use SHA-256, first outputting to the terminal and then in binary to a file:

Create a MAC using HMAC and MD5. First generate a random 128 bit key (see Random Number below for further explanation), then pass the key as an option when using HMAC:

A much simpler alternative to calculate hash values is to use the Linux programs md5sum and sha1sum (and its variants sha224sum, sha256sum and so on). For example:

Random Numbers

The rand operation of OpenSSL can be used to produce random numbers, either printed on the screen or stored in a file. Some quick examples:

Write 8 random bytes to a file (then view that file with xxd in both hexadecimal and binary):

Generate a 128 bit (16 byte) random value, shown in hexadecimal:

Another way to generate random values on Linux (without using OpenSSL) is using urandom:

Read man rand and man urandom for further details.

Performance Benchmarking

OpenSSL has a built-in operation for performance testing. It encrypts random data over a short period, measuring how many bytes can be encrypted per second. It can be used to compare the performance of different algorithms, and compare the performance of different computers.

To run performance tests across a large set of algorithms, simply use the speed operation. Note that it may take a few minutes:

You can select the algorithms to test, e.g. AES, DES and MD5:

The output shows the progress, the versions and options used for OpenSSL and then a summary table at the end. Focus on the summary table, and the last line (for aes-128-cbc) in the example above. The speed test encrypts as many b Byte input plaintexts as possible in a period of 3 seconds. Different size inputs are used, i.e. b = 16, 64, 256, 1024 and 8192 Bytes. The summary table reports the encryption speed in Bytes per second. So if 25955833 16-Byte plaintext values are encrypted in 3 seconds, then the speed reported in the summary table is 25955833 × 16 ÷ 3 ≈ 138 million Bytes per second. You can see that value (138,894.09kB/s) in the table above. So AES using 128 bit key and CBC can encrypt about 138 MB/sec when small plaintext values are used and 155 MB/sec when plaintext values are 8192 Bytes.

Normally OpenSSL implements all algorithms in software. However, recent Intel CPUs include instructions specifically for AES encryption, a feature referred to as AES-NI. If an application such as OpenSSL uses these special instructions, then part of the AES encryption is performed directly by the CPU. This is usually much faster (compared to using general instructions). To run a speed test that uses the Intel AES-NI, use the evp option:

Compare the values to the original results. In the original test we achieved 138 MB/sec. Using the Intel AES hardware encryption we get a speed of 689 MB/sec, about 5 times faster.

OpenSSL 0.9.8x on Mac OS X

Running the above commands on Mac OS X 10.8.4 which uses OpenSSL 0.9.8x produces correct results, except for the following:

  • The OpenSSL list- operations do not work, e.g. list-cipher-algorithms and list-message-digest-algorithms. But it's not a problem, because if you give an invalid option, OpenSSL prints an error followed by the algorithms that are supported.
  • Counter (CTR) mode is not supported. So I replaced aes-128-ctr with aes-128-cfb (or you can choose from any of the supported modes of operation).
  • The command line options for performing a HMAC are different. Instead of -mac hmac -macopt hexkey:KEY use -hmac KEY.
  • Although not an issue with OpenSSL, the Linux programs md5sum and sha256sum are not supported on Mac OS X. Instead you can use md5 and shasum -a.

If you have an older version of OpenSSL (pre 1.0) - no matter what operating system - then you may try the above commands instead.
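When moving between the two HMAC command forms listed above, note how each treats its key argument: -macopt hexkey:KEY decodes KEY from hexadecimal, while -hmac KEY uses the characters of KEY themselves as the key bytes, so passing the same hex string to both yields different MACs. The Python sketch below is an added example, not part of the original article; it reproduces both key interpretations with the standard hmac module, using the RFC 2202 HMAC-MD5 test vector as known-good input. The function names are hypothetical.

```python
import hashlib
import hmac


def hmac_md5_hexkey(hex_key: str, message: bytes) -> str:
    """Key handling of `-mac hmac -macopt hexkey:KEY`: KEY is decoded from hex."""
    return hmac.new(bytes.fromhex(hex_key), message, hashlib.md5).hexdigest()


def hmac_md5_literal(key_text: str, message: bytes) -> str:
    """Key handling of `-hmac KEY`: the characters of KEY are the key bytes."""
    return hmac.new(key_text.encode(), message, hashlib.md5).hexdigest()


def which_key_form(tag_hex: str, key_arg: str, message: bytes):
    """Report which interpretation of key_arg produced tag_hex (None if neither)."""
    tag = tag_hex.lower()
    try:
        # compare_digest avoids leaking, through timing, how many characters matched
        if hmac.compare_digest(tag, hmac_md5_hexkey(key_arg, message)):
            return "hexkey"
    except ValueError:
        pass  # key_arg is not valid hex, so only the literal form can apply
    if hmac.compare_digest(tag, hmac_md5_literal(key_arg, message)):
        return "literal"
    return None


# RFC 2202 HMAC-MD5 test case 1: key is 16 bytes of 0x0b, data is "Hi There"
RFC_KEY_HEX = "0b" * 16
RFC_MSG = b"Hi There"
RFC_TAG = "9294727a3638bb1c13f48ef8158bfc9d"

if __name__ == "__main__":
    print("hexkey :", hmac_md5_hexkey(RFC_KEY_HEX, RFC_MSG))
    print("literal:", hmac_md5_literal(RFC_KEY_HEX, RFC_MSG))
    print("RFC tag was produced by:", which_key_form(RFC_TAG, RFC_KEY_HEX, RFC_MSG))
```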

PDF version of this page, 31 Jul 2013

Created on Wed, 31 Jul 2013, 4:36pm

Last changed on Mon, 03 Nov 2014, 11:06am