Generating a base64 encoded SHA512 digest for a file (or set of files)

5.1k views Asked by At

The BlackBerry WebWorks SDK for Tablet OS build tool generates an archive that contains the files and a MANIFEST.MF with entry for each file and a base64 encoded SHA512 digest. However, there is a bug that too many files in the build will cause a build failure. I am trying to figure out how to generate that same information myself.

The example below comes from the MANIFEST.MF and it contains the filename and digest. However, the base64 variant uses _ instead of / and - instead of + and has no trailing == for padding.

Archive-Asset-Name: air/XX/IMG_0999.jpg
Archive-Asset-SHA-512-Digest: YI_KXWjpJwwsi5MDQPeBQc9SVi-bH6zYq5PgBD3jQiqHu-r-5Hv8A0yh_y5j2T9MpYZ5TVMW4JXHSXNYmpV1tA

I running Windows 7, but have GIT installed so I have MINGW32 as a bash shell. I found this piped combination of openssl and tr commands but it seems a bit of a kludge.

openssl dgst -sha512 -binary IMG_0999.gif | openssl enc -base64 | tr '+' '-' | tr '/' '_' | tr -d '=' | tr -d '\n'

Is there a better way to generate this digest?

Eventually, I will have to do for all the images in a directory tree. I was hoping for a script solution instead of having to write a program. A second question is how to generate that manifest syntax for all files in a directory (recursively). Would this be a bash shell script encompassing the above command? Any pointers here are appreciated since I haven't written a shell script before.

2

There are 2 answers

0
Kevin Hakanson On BEST ANSWER

Dennis Williamson's solution got me going but the tr version (2.0) that is installed did like that multiple character syntax. Also, the xargs version (4.1) didn't like the -I option. However, it got me started and that is what matters. Here is what I ended up with:

find . -type f -name '*.gif' -print0 | xargs -0 --replace=% sh -c 'echo -e "Archive-Asset-Name: %\nArchive-Asset-SHA-512-Digest: `openssl dgst -sha512 -binary % | openssl enc -base64 | tr "+" "-" | tr "/" "_" | tr -d "=" | tr -d "\n"`\n"'

and that generates the following (images names changed to protect the innocent)

Archive-Asset-Name: ./IMG_0001.gif
Archive-Asset-SHA-512-Digest: AsgQnXYxj07qy-DTlzqYEv3v1UNqbr1sp5kVz0PE8FYwD-q_0VM20Wyci3xunJwdqy59MbyIX1GGtSmhuETUHQ

Archive-Asset-Name: ./IMG_0032.gif
Archive-Asset-SHA-512-Digest: JE3lmvXxOjSpDoUjyvAp92E1T4b8AQGGJBCcBz_1AG2eoBoSRH76LHpWPEUAeXFx_kOqEaDMRGPrpYnlfcnz9g

Archive-Asset-Name: ./IMG_0003.gif
Archive-Asset-SHA-512-Digest: bJJQ-j-s9630FzUh3hP50h7gWYqJQ6o0FP37nUuSeSUmerFxBwR2X0VeTYn-h4cf7szUr4fqDfAKQLOK0gt7zA

I still need to tweak the name to not be prefixed with ./ but that is for another day.

0
Dennis Williamson On

You can shorten your command by combining some things:

openssl dgst -sha512 -binary IMG_0999.gif | openssl enc -base64 | tr '+/' '-_' | tr -d '=\n'

For all files in a tree, something like:

find . -type f -name '*.gif' -print0 | xargs -0 -I % sh -c 'openssl dgst -sha512 -binary "$(basename "$1")" | openssl enc -base64 | tr "+/" "-_" | tr -d "=\n" > "$1.sum"' _ $1