user1256821

Reputation: 1178

OpenSSL create SHA hash from shell stdin

How to generate the SHA-512 hash with OpenSSL from the command line without using a file?

I've tried this

echo "password" | openssl dgst -sha512

but the hash looks wrong (compared with http://hash.online-convert.com/sha512-generator).

Upvotes: 21

Views: 42272

Answers (3)

phd68lnx

Reputation: 73

For those who are still searching for answers, there is another option.

You can simply use:

openssl passwd -6 yoursecurepasswordphrase

The -6 tells OpenSSL to use SHA-512.

This was tested and found working on OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023) on MacOS Sonoma (14.1.2 (23B92)).

To prevent passwords from ending up in your history for others to snoop, you can add setopt HIST_IGNORE_SPACE to your ~/.zshrc file.

Or, when you are still on Bash (zsh is the default on MacOS), the setting is called HISTCONTROL=ignorespace and goes in your ~/.bashrc file.

Then, whenever issuing a command that contains sensitive information, you simply start with a space on the command line, like so:

↓ here goes a space
 openssl passwd -6 yoursecurepasswordphrase

Lastly, when you do not specify a password on the command line, OpenSSL will prompt for it, and will also ask to verify it. This way, it won't end up in your history and the space is not required.

Upvotes: 0

Micho

Reputation: 948

If you're using MacOS, you might stumble upon a case where the echo is ignoring the -n argument. To work around that, call the binary directly:

/bin/echo -n "password" | openssl sha512

Upvotes: 4

Dave G

Reputation: 9767

Try echo -n "password".

What's happening is the new line character(s) that echo adds to the end of the string are getting hashed. The -n to echo suppresses this behavior.

Upvotes: 29
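
Added example, not part of any answer above: a POSIX shell sketch that hashes the exact bytes of a string with `printf '%s'` (which sidesteps the `echo -n` differences between shells), shows the digest changing when the trailing newline is included, and reads a secret from a prompt so it never appears on a command line. The function names are illustrative, and "password" is the constructed sample input from the question.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the posts above.

# Hex SHA-512 of stdin. Taking the last field copes with both output
# styles: "(stdin)= <hex>" and "SHA2-512(stdin)= <hex>".
sha512_stdin() {
    openssl dgst -sha512 | awk '{print $NF}'
}

# Hash exactly the bytes of $1. printf '%s' never appends a newline and has
# no -n handling that differs between shells, unlike echo.
sha512_exact() {
    printf '%s' "$1" | sha512_stdin
}

# Hash $1 plus "\n", i.e. what a plain `echo "$1"` pipes into openssl.
sha512_with_newline() {
    printf '%s\n' "$1" | sha512_stdin
}

# Read the secret from stdin with terminal echo off, so it is never typed
# on a command line and cannot land in shell history.
sha512_prompt() {
    printf 'Secret: ' >&2
    saved=$(stty -g 2>/dev/null) || saved=
    if [ -n "$saved" ]; then stty -echo; fi
    IFS= read -r secret || true
    if [ -n "$saved" ]; then stty "$saved"; fi
    printf '\n' >&2
    sha512_exact "$secret"
    unset secret saved
}

# Constructed sample input: the literal string "password" from the question.
printf 'without newline: %s\n' "$(sha512_exact password)"
printf 'with newline:    %s\n' "$(sha512_with_newline password)"
```

The two printed digests differ, which is the mismatch the question ran into when comparing against an online generator.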
