What exactly is SHA-256?
SHA-256 is a member of the SHA-2 (Secure Hash Algorithm 2) family. It was developed by the Untied States National Security Agency (NSA) way back in 2001. Basically, it is a set of cryptographic hash functions. Secure Hash Algorithm and 256 means “256 bit output”. There are other digest sizes (224, 256, 384, or 512 bits), but we’re going to be focused on 256 today.
Why do I need to create a SHA-256 hash?
As a developer, you likely already know there are plenty of use cases for SHA-256. It’s used in some of the most popular authentication and encryption protocols, including SSL, TLS, IPsec, SSH, and PGP. In fact in Unix and Linux, SHA-256 is used for secure password hashing. Even cryptocurrencies such as Bitcoin use SHA-256 for verifying transactions. Adding it to your tool belt is worthwhile.
A SHA-256 Use Case
Now that you know what a SHA-256 hash is, you are probably chomping at the bit to create your own hashes, right? But what if you don’t want to go to another website or use another tool to generate said hash? Well, you are in luck my friends. I’m going to show you how you can do it without leaving the command line.
As I mentioned before, there are plenty of use cases for this, but let’s focus on an API service that uses a hash passed in the header for authentication. Let’s say you want to authenticate to an API service to pull some data. Before you can access that service, you will need to authenticate. This is generally passed in the header to the service before you can have access to the service.
For this example, say we need the following information from our provider to construct the authentication hash. API Token, API Secret Key, Action we want to take, Timestamp in GMT format of the day of the week, day, three-letter month, YYYY and timestamp in hh:mm:ss. The fields need to be separated by a colon (:) in the following order
API TOKEN:GMT TimeStamp:API Action:API Secret Key
To accomplish this in Linux from the CLI, all you need to do is echo the combined string and pipe it to sha256sum to output the hash. An example follows
$ echo -n RANDOMSTRING:Tue, 08 Feb 2022 02:40:43 GMT:ActionVerb:APISecretKey | sha256sum
5501f9375de1da66f6c5d71c0a388e805106fa58330b0ef01269ad6493f5c217 -
The hash of RANDOMSTRING:Tue, 08 Feb 2022 02:40:43 GMT:ActionVerb:APISecretKey is 5501f9375de1da66f6c5d71c0a388e805106fa58330b0ef01269ad6493f5c217
Note the -n short option used in the echo command here. It instructs echo to not output the trailing newline. Also note the “-” in the output. It is not part of the hash. This is generally where the filename would be printed. Since we ran the shasum from the input passed in on stdin, a dash (-)
is printed instead.
There you go. If you find yourself in need of a SHA-256 hash for whatever reason, you don’t even have to leave your command line! For more Tech Tips, make sure you visit our blog often!