0

So i'm making this program to generate mock data to populate a database and I want my passwords to be in SHA256 for the obvious reasons. Upon looking some stuff up found the openssl/sha.h lib and tried using it - first time using openssl to be honest.

After quite a bit fighting with it I managed to get it running and code the string into sha256, but apparently it's in base64. So far had no luck turning it back into an ASCII string.

Hopefully someone can provide some pointers on how to get this working

Pedro Barbeira
  • 118
  • 8
  • 1
    Does this answer your question? [Generate sha256 with OpenSSL and C++](https://stackoverflow.com/questions/2262386/generate-sha256-with-openssl-and-c) You also may be thinking about passwords the wrong way. You don't care about turning the sha256 hash back into text, what you care about is taking the next password entry, hashing that, and comparing it to the hash of the original. – David C. Rankin Oct 23 '22 at 03:43
  • not really, since the low level functions SHA256_* are deprecated and won't compile. I'll give a deeper look into it, but to be honest some explanation regarding how to use the open ssl libs would be much appreciated... guess I'm shooting above my paygrade, can't crack the APIs :/ – Pedro Barbeira Oct 23 '22 at 03:45
  • 1
    There is the EVP example as well. That is the current approach. Did the addition to my comment help thinking about the approach any? – David C. Rankin Oct 23 '22 at 03:46
  • just found the EVP example. thanks for pointing it out. and you're right. time to call it a day – Pedro Barbeira Oct 23 '22 at 03:48
  • 1
    Glad it helped. Good luck with your coding and night. Also, the selected answer is C, but does compile and work without error. Required includes (in addition to `stdio.h`, `stdlib.h`, `string.h` and `errno.h`) are `openssl/ssl.h` and `openssl/crypto.h`. Then compile as normal adding `-lssl` and `-lcrypto`. You can add a short `main()` with `char *str = argc > 1 ? argv[1] : "my dog has fleas", buf[128] = {0}; sha256_string (str, buf); puts (buf);` to test. – David C. Rankin Oct 23 '22 at 04:00
  • regarding the edit on your first comment, this particular program just generates a bunch of fake data according to my models and string formats them into a populate.sql - hence the need to get the hashed passwords as strings. I applied the solution yesterday morning - still haven't had a chance to parse through it properly and actually learn due to other projects requiring my attention - and it worked like a charm. thanks! to be fair it was my first time using openssl and it's quite daunting, to say the least hahaha. can't wait to climb that mountain! cheers :D – Pedro Barbeira Oct 24 '22 at 18:23
  • 1
    We've all been there. What makes openssl daunting is the documentation is written presuming you already know a fair bit about the opensssl library. While it does have a few examples for each of the different approaches, it really needs a more thorough walk-through. That's just the reality with many very very good projects, especially open-source projects, time is limited and documentation is always last on the list. Many times it relies on contributors seeing the need and writing a guide (or compiling from many disparate sources). Glad it worked for you. – David C. Rankin Oct 25 '22 at 04:22

0 Answers0