SQLite Forum

SHA3 and certUtil
Login
Chronological

SHA3 and certUtil

(1) By anonymous on 2021-02-16 22:40:01 [link] [source]

I tried using certUtil in Windows 10 to compare SHA3 as displayed in the download page and the reported SHA3 by certUtil. They are not the same. Is there a proper program to use?

(2) By Stephan Beal (stephan) on 2021-02-16 22:49:05 in reply to 1 [link] [source]

I tried using certUtil in Windows 10 to compare SHA3

SHA3 has numerous variants. Make sure to use the 256-bit variant.

(3) By anonymous on 2021-02-16 23:05:48 in reply to 2 [link] [source]

On the website: sqlite-amalgamation-3340100.zip sha3: be0d07b08969aa775c628f214c723955c0bfe880d72c3289a1ff54ad779b15d3

Command: certUtil -hashfile sqlite-amalgamation-3340100.zip SHA256 Response: SHA256 hash of sqlite-amalgamation-3340100.zip: e0b1c0345fe4338b936e17da8e1bd88366cd210e576834546977f040c12a8f68 CertUtil: -hashfile command completed successfully.

Am I missing something?

(5) By Larry Brasfield (larrybr) on 2021-02-16 23:18:26 in reply to 3 [link] [source]

What you missed is that an sha256 hash is not a sha3_256 hash. The latter matches what is stated on the download page. The former yields your result.

(4.2) By Keith Medcalf (kmedcalf) on 2021-02-16 23:38:52 edited from 4.1 in reply to 1 [link] [source]

CertUtil does not do sha3.

The Windows hash algorithms are limited to MD2, MD4, MD5, SHA1; and, the SHA2 variants called SHA256, SHA384, and SHA512.

The hashes on the download page listed as SHA3 are the variant of SHA3 known as SHA3-256.

SHA2 was published in 2001, and added to Windows by Microsoft in 2019. So based on past performance, Microsoft will adopt SHA3 (published in 2015) sometime in 2033.

Third-party tools such as openssl can generate sha3-256 hashes.

>openssl sha3-256 sqlite-tools-win32-x86-3340100.zip
SHA3-256(sqlite-tools-win32-x86-3340100.zip)= 9f42a533e5dd04c98e575cb95ef6458eacb43dbaa3cc0c51558a6a626f2a3acd

(6) By anonymous on 2021-02-16 23:23:29 in reply to 4.0 [source]

Thanks, to the both of you. I appreciate the responses.

(7) By Keith Medcalf (kmedcalf) on 2021-02-16 23:32:55 in reply to 1 [link] [source] 

>md5 sqlite-amalgamation-3340100.zip be0d07b08969aa775c628f214c723955c0bfe880d72c3289a1ff54ad779b15d3
3.9.1 (tags/v3.9.1:1e5d33e, Dec  7 2020, 17:08:21) [MSC v.1927 64 bit (AMD64)]
sys.version_info(major=3, minor=9, micro=1, releaselevel='final', serial=0)
 File Name:  sqlite-amalgamation-3340100.zip
      Size:  2433624
       md4:  6DA4 DAD0 F573 957B BCD3 85D1 BAB0 158F
       md5:  FC92 D927 5D9B AA48 3C71 99F4 4B86 D4AE
      sha1:  ADF5 F5F2 B859 A9FC BF5F DF6F 87B2 CD42 949C 267C
    sha224:  B451 9D2C 078F 0503 BF96 1268 5C93 D99B AD40 A328 2A62 BB62 B841 5CFD
    sha256:  E0B1 C034 5FE4 338B 936E 17DA 8E1B D883 66CD 210E 5768 3454 6977 F040 C12A 8F68
    sha384:  050E D4CC 8E2D C75C 3BC2 76FE B104 98A2 7E56 81EA CED9 DEC3 C12D A460 A1C4 4696
             A3F5 ED43 539B E729 B2FD 2B90 1ADD 311F
    sha512:  8A93 6F1C 34FC 9036 CADF 5BD5 3F9E E594 135C 2EFD EF1D 2C82 BD4F DF3E 0218 AFDE
             710F C4C4 36CF C992 687D 008E 6086 A697 DA04 8735 2ED8 8809 D677 E05D 8249 40DD
  sha3_224:  F38A ACFA 85A2 7582 3631 D1CF 88E7 2D9E C97D 22C6 62FB 8AE8 0978 0479
  sha3_256:  BE0D 07B0 8969 AA77 5C62 8F21 4C72 3955 C0BF E880 D72C 3289 A1FF 54AD 779B 15D3
  sha3_384:  BA08 2E9C 9087 D409 E6D5 EAA6 E859 E27A 0507 BD0E CA69 4950 0A92 938D F2B3 BAD4
             2033 AFCE 72C4 25EA AE41 4925 BBD1 9123
  sha3_512:  B324 1F80 A991 3A12 205D CEB5 AEFB F3B6 90AC 1363 0039 0C13 BE7E 8361 7888 476C
             CC56 2D37 EEDD 3C6C 8CA7 45AA 4862 767A 2573 08D8 584B EECC 3E2F C37C ADD7 E9FC
   blake2b:  0418 FE06 2FE0 6BC2 DC20 C831 890F 75D0 A5AB 7EFF 7FFE 0298 E85E 2105 474E 471B
             C662 3102 2AA4 51D2 9E98 C20F E4FA D77A AAE5 932E 4D3C CEE5 0E90 B9C3 6B89 2F00
   blake2s:  4D7A AE79 7C7B 493A 4487 F189 F0A8 A775 0AF2 9974 2058 8354 0F4C E82C E11E 9AC5
  md5-sha1:  FC92 D927 5D9B AA48 3C71 99F4 4B86 D4AE ADF5 F5F2 B859 A9FC BF5F DF6F 87B2 CD42
             949C 267C
      mdc2:  C6B8 3AA7 9561 9756 870D 566E 4285 E844
 ripemd160:  05D2 171B 840E 8E35 1DEF AF23 6ACF 3F0E 976A 649B
sha512_224:  98FD 5668 DEB3 EC0A 1B95 F560 2EC4 6E1D B6E5 1354 6F09 FB27 FEB3 42B0
sha512_256:  B8AF 0BBB BDE3 F0CE 57AA 09EF E627 FF12 C35F 16F6 B9CE E42E 1FC6 AF2E B123 46DE
       sm3:  4261 45D9 4705 4078 A28F F841 0917 2DAD 3591 115D 0AF5 6B3A F30F 0B2A 34E5 53FB
 whirlpool:  EF0B 099E 1A54 86CF 5BB0 B5FA 4F20 E06B 24B7 048B A5DB E7A6 9C1C 146F 1F6C 470E
             D969 7CEF 8F82 B30C 2D4D 3CBD 1CAE 618F 13E3 4DDA ED4C 60B2 75A6 4087 0547 CFA1
sha3_256 MATCH

using the current openssl libraries embeded in the current Python release.

(8) By Keith Medcalf (kmedcalf) on 2021-02-17 00:01:43 in reply to 7 [link] [source] 

from sys import argv, exit, version, version_info
import hashlib


def prettyPrintHexString(hexstring, Wrap=False, indent=0):
    retval = ''
    for i in range(0, len(hexstring), 4):
        retval += hexstring[i:i+4] + ' '
        if Wrap:
            if len(retval) - indent > 65:
                retval = retval.strip() + '\n' + ' '*indent
                Wrap = False
    return retval.strip()


print(version)
print(version_info)
hList = []
for i in argv[1:]:
    if i.startswith('--'):
        hList.append(i[2:])
for i in hList:
    argv.remove('--' + i)

try:
    f = open(argv[1], 'rb')
except:
    print("File", argv[1], "could not be opened for reading")
    exit(-1)

if not hList:
    hList = ['md2', 'md4', 'md5',
             'sha', 'sha1',
             'sha224', 'sha256', 'sha384', 'sha512',
             'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512'
            ]
    for algo in sorted(hashlib.algorithms_available):
        if not algo in hList:
            hList.append(algo)

hObj = [ ]
hTxt = [ ]
for hash in hList:
    try:
        hObj.append(hashlib.new(hash))
        hTxt.append(hash)
    except:
        pass

x = 1
size = 0
mb = 1024*1024
rs = 16*mb
bs = chr(8)*79

while x:
    data = f.read(rs)
    x = len(data)
    if x > 0:
        size += x
        for i in range(len(hObj)):
            hObj[i].update(data)
    data = None
    print(bs + 'Read: %5d MBytes' % (size/mb,), end=' ', flush=True)
print(bs, ' '*20, end=' ')

f.close()

print(bs + " File Name: ", argv[1])
print("      Size: ", size)
for i in range(len(hObj)):
    try:
        print("%10s: " % (hTxt[i],), prettyPrintHexString(hObj[i].hexdigest().upper(), Wrap=True, indent=13))
    except:
        pass

test = ''.join(argv[2:]).lower()
if test:
    for i in range(len(hObj)):
        try:
            check = hObj[i].hexdigest().lower()
            if test == check:
                print(hTxt[i], "MATCH")
            elif test in check:
                print(hTxt[i], "PARTIAL @ %d:%d" % (check.find(test), len(test)))
        except:
            pass

which should work for all recent and (hopefully) future versions of Python. It is called MD5 because when I initially wrote it, the "current" algorithm in common use was MD5. It will put certain algorithms at the top of the list and add any others that hashlib knows how to generate later in the list automatically, and you can limit operation to a specific (or set) of algorithms.

It is "a wee bit slow" running multiple algorithms against large files ...