Due to Windows changing their security policies, we are planning to begin code-signing driver files with the SHA-256 algorithm instead of SHA-1. However, we still want to be able to support older OS's that still require SHA-1 signing.
signtool.exe we are able to code sign files successfully with both SHA-1 and SHA-256 digest algorithms using the /fd flag. However, if possible, we would like to sign the file with both algorithms simultaneously. Is this even possible? We would like to avoid having multiple sets of drivers that are signed with different algorithms and determining which set to install based on OS -- which would be our alternative approach.
If anyone has had experience with accomplishing this please explain what approach you took. If this isn't possible, an explanation of why it's impossible would be appreciated.
I've investigated 30261296 however I'm still at a loss to find a way to generate the same results in Ruby with the openssl and/or digest gems. The OpenSSL output I'm trying to replicate in ruby is as follows:
$ openssl x509 -noout -subject_hash -in DigiCertSHA2SecureServerCA.pem85cf5865
In reading many things, I believe this hash is generated from the Subject: portion of the certificate, which is like the distinguished name. In this certificates case something to the effect of:
$ openssl x509 -noout -subject -in DigiCertSHA2SecureServerCA.crtsubject=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
Attempting to SHA-1 encode that on the command line or in Ruby (which represents this as
/C=US,/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA when using the openssl gem) has not yeilded the same has results displayed by OpenSSL.
I'm trying to do this more natively in Ruby to avoid shelling out to openssl if possible since openssl and digest come along with the ruby env. In the end I need this to generate the hash directory tree ... i.e.
85cf5865.0 (hash + '.0').
The CA I'm hasing is DigiCertSHA2SecureServerCA.crt - DER encoded. I converted DER to PEM because openssl command line uses that without the additional
-inform der switch. It doesn't appear to matter to Ruby's openssl gem.
I'm working with a very restrictive embedded processor, which only has 128 bytes of ram. I'd like to implement SHA1 on it. RFC3174 describes, in 'method 2', a way of implementing SHA1 that doesn't require allocating an array of 80 32-bit words (which, at 320 bytes, is obviously not practical), and seems like it ought to be usable on my processor. I'm unable to find any implementations of 'method 2', though, and the sample code in the RFC only implements the default method.
Is anyone aware of a memory-efficient implementation of SHA1 in C or C++?
I try to hash the same string in delphi and python but i get different hashes ?
d = bytes('pr', 'utf-8')print((sha1(d).digest()).hex())output: 5498d9b96ed2832e04a90c4ac2ab71f869b2bfdc
...bytes := TEncoding.UTF8.GetBytes('pr');BinToHex(sha1Digest2(bytes);...output: 1ca1a00b40b8350d15cdce2935965d88b7798719Function TForm1.sha1Digest2(buffer: TBytes): TBytes;Var HashSHA1: THashSHA1;Begin HashSHA1 := THashSHA1.Create; HashSHA1.Update(buffer, SizeOf(buffer)); Result := HashSHA1.HashAsBytes;End;Function TForm1.binToHex(Const bin: Array Of Byte): String;Const HexSymbols = '0123456789ABCDEF';Var I: Integer;Begin SetLength(Result, 2 * Length(bin)); For I := 0 To Length(bin) - 1 Do Begin Result[1 + 2 * I + 0] := HexSymbols[1 + bin[I] Shr 4]; Result[1 + 2 * I + 1] := HexSymbols[1 + bin[I] And $0F]; End;End;
What i'm doing wrong ? Thanks in advance!
I want python to read to the EOF so I can get an appropriate hash, whether it is sha1 or md5. Please help. Here is what I have so far:
import hashlibinputFile = raw_input("Enter the name of the file:")openedFile = open(inputFile)readFile = openedFile.read()md5Hash = hashlib.md5(readFile)md5Hashed = md5Hash.hexdigest()sha1Hash = hashlib.sha1(readFile)sha1Hashed = sha1Hash.hexdigest()print "File Name: %s" % inputFileprint "MD5: %r" % md5Hashedprint "SHA1: %r" % sha1Hashed