HMAC-SHA1 in bash

Question

Is there a bash script to generate a HMAC-SHA1 hash?

I'm looking for something equivalent to the following PHP code:

hash_hmac("sha1", "value", "key"); 

Answer 1

I realise this isn't exactly what you're asking for, but there's no point in reinventing the wheel and writing a bash version.

You can simply use the openssl command to generate the hash within your script.

[me@home] echo -n "value" | openssl dgst -sha1 -hmac "key" 57443a4c052350a44638835d64fd66822f813319 

Or simply:

[me@home] echo -n "value" | openssl sha1 -hmac "key" 57443a4c052350a44638835d64fd66822f813319 

Remember to use -n with echo or else a line break character is appended to the string and that changes your data and the hash.

That command comes from the OpenSSL package which should already be installed (or easily installed) in your choice of Linux/Unix, Cygwin and the likes.

Do note that older versions of openssl (such as that shipped with RHEL4) may not provide the -hmac option.

---

As an alternative solution, but mainly to prove that the results are the same, we can also call PHP's hmac_sha1() from the command line:

[me@home]$ echo '<?= hash_hmac("sha1", "value", "key") ?>' | php 57443a4c052350a44638835d64fd66822f813319 

Answer 2

Here is a bash function that works like hash_hmac from PHP:

#!/bin/bash  function hash_hmac {   digest="$1"   data="$2"   key="$3"   shift 3   echo -n "$data" | openssl dgst "-$digest" -hmac "$key" "$@" }  # hex output by default hash_hmac "sha1" "value" "key"  # raw output by adding the "-binary" flag hash_hmac "sha1" "value" "key" -binary | base64  # other algos also work hash_hmac "md5"  "value" "key"