> From: owner-openssl-us...@openssl.org On Behalf Of Abdulhadi
Abulzahab
> Sent: Saturday, 05 November, 2011 12:32
> 1 - I want to use the " sha1" command but I need the result to go
> into txt file not only to appear on the screen
> otherwise I need to print the result of encryption into text file
To put the output of the 'sha1' utility (actually 'dgst -sha1')
in a file INSTEAD of the screen (or other interactive stdout),
use the -out option on any operating system; or standard OS redirection
on OSes that have it, which Windows does, on a commandline command.
If you want it BOTH places, run the utility twice if the input is
repeatable, and not so huge (or frequent) as to be a performance problem;
and a hash of nonrepeatable input is valueless anyway. Or use a program
that receives one copy from openssl and writes two copies (or even more).
On Unix the 'tee' program does this; Windows ports can be found.
Also, the result of sha1 is a hash value, not an encrypted one.
Encryption can be reversed (back to plaintext) IF you have the key, but
not without. A (crypto) hash, or digest, cannot be reversed by anyone.
> 2 - I want to create a simple batch file contains the sha1 command
> I typed in the cmd :
> copy con test.bat
> cd c:\openssl\bin
> openssl.exe
> des -nosalt -in text.txt -out testenc.txt
> ctrl+z
> but when I execute the batch file it runs the openssl and stop
<snip>
Actually it hangs, waiting for input.
1: That's not a sha1 command, it's a des command.
But the answer is the same for both (and others too).
2: A program run from a Windows batch file does NOT get input from
that batch file. In contrast, a program run from a Unix shell script
(including some Unix shell ports to Windows) *can* get input from
that script using the "here-document" syntax <<terminator .
(Actually you *can* do this interactively also, but interactively
it's almost always easier to just use terminal-EOF.)
2a: To get input to a program run from a Windows batch file, you can:
- pipe it, which is easier for a simple constant like this:
echo sha1 -in file | \path\to\openssl
- put it in a file and redirect from that:
echo sha1 -in file >tempfile
\path\to\openssl <tempfile
but in both cases if the program reads further from stdin,
as the sha1 (or des) utility will do if you don't use -in,
you need to have both the utility line and its data in one
pipe or file, which is usually harder to get right.
2b: But for openssl in particular, you don't need to feed the
utility command as input, you can put it on the commandline:
\path\to\openssl sha1 -in file
2c: Single-DES has been brute-forceable for almost a
decade; don't use it for any data that actually matters,
unless for compatibility with seriously obsolete things.
des3 (aka des-ede) or aes (128, 192, 256 all are fine)
are common and good. Others are a more advanced topic.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
