Search code examples
powershellterminalopensslcommand-promptsha

Why is the sha256 hash key different from Command Prompt and Powershell

So I'm currently doing a project at the moment, and I've came across integrity hashing. So I've been taught to use openssl sha256 to hash a css file for practice. I did this in Terminal, Command prompt and Powershell.

Terminal gave the same results as the Command prompt but powershell gave an entirely new result.

Command Prompt 3BmtwdrKmE6lXPHGqB1Z1jEERC8phQpUwTHMblpJ0Gw=

Command Prompt

Terminal 3BmtwdrKmE6lXPHGqB1Z1jEERC8phQpUwTHMblpJ0Gw=

Terminal

PowerShell Pxk/Pz8/P04/XD8/Px1ZPzEERC8pPw0KVD8xP25aST9sDQo=

PowerShell

tl;dr

Basically I just want to know the different output between terminal and command prompt to powershell

Extra:

I'm really interested in cyber security and I want to learn more, upskill and do what it takes to be a unicorn. Feel free to give me critic/advice <3.

Solution

  • You're dealing with an output encoding difference between Command Prompt, PowerShell, and OpenSSL's interpretation of such when run from these shells.

    To see your active code page from Command Prompt, run chcp.com. To see your active output encoding in PowerShell, check the status of the $OutputEncoding variable. Note: You will see code page differences.

    You may try in vain to set both to the same output encoding type, but OpenSSL will most likely still report differences.

    As an example, you can review the OpenSSL output from all output encoding types in PowerShell with:

    [System.Text.Encoding]::GetEncodings() | % { "`n`nCodePage $($_.CodePage):"; $OutputEncoding = [System.Text.Encoding]::GetEncoding($_.CodePage); openssl dgst -sha256 -binary .\index-styles.css | openssl base64 -A }

    Note: I doubt there's a similar hash listed when compared to OpenSSL's Command Prompt output.

    Anyhow, to avoid this problem, I would advise to use OpenSSL's built-in -out file parameter, then call OpenSSL twice, rather than rely on the pipeline (|):

    openssl dgst -sha256 -binary -out .\index-styles.out .\index-styles.css
openssl base64 -A -in .\index-styles.out

    You should (in theory) get consistent results from OpenSSL in both Command Prompt and PowerShell when using -out file then -in file

    Hope this helps.