Let’s venture into encryption today and understand the md5 and base64 commands in Linux. Encryption is a subject for every person tasked with keeping their data secure. Data breaches can cause loss of thousands, if not millions. A loss bigger than the money is the loss of credibility. Encryption encodes your data in an attempt to keep it safe from unauthorized access. In this tutorial, we’re going to cover some of the very basic aspects of making sure that the data that’s transferred over the internet is intact and that no one has tampered with it.
Starting out with Encryption
When storing passwords on the database, the most secure way is to encrypt the passwords with a one-way encryption algorithm like MD5 so it cannot be reversed. When a user enters the password, the password is encrypted again with MD5 and the hashes are then compared on the back-end to verify that the passwords are the same.
On the other hand, Base64 is a regular two-way encryption algorithm that allows both encryption and decryption of the data that’s passed to it. This isn’t going to be the most optimal choice if you want to ensure security but it would be a good idea to use it if your initial idea is to send data in plaintext.
Introducing the MD5 and Base64 Commands on Linux
Let’s get right into it and understand the different uses of MD5 and Base64 commands. We’ll go over the basic syntax and some of the use cases that you can work with when using these commands.
Fundamental Differences Between the MD5 and Base64
|Is a one-way hashing algorithm||Is a two-way encryption algorithm|
|Data once encrypted cannot be decrypted to the original form||Data once encrypted can be decrypted to their original form|
|Used majorly for storing passwords/sensitive data on databases and for verifying package integrity||Used for transmitting data over networks that accept information only in ASCII format.|
When you need to transmit a file that contains various characters like Unicode, or has formatting that some networks don’t accept, encoding the file with Bas64 makes it possible to transmit the file. But the reasons why Base64 no longer is as popular as it was before is that:
- The use cases are very limited since the encryption is very weak
- Almost all networks and routers that our data passes through, accept data in all the basic formats (including Unicode)
- There are much better algorithms now
There obviously could be more reasons to even vote “for” base64 to be alive but compared to MD5’s usage at present, base64 is nowhere to be seen. But now that you have a good understanding of the algorithms, let’s move on to their usage on Linux
The md5sum Command in Linux
MD5, short for Message-Digest algorithm 5, is a cryptographic hashing algorithm. It is widely used as a checksum command to verify the integrity of files or strings. To do so, it utilizes a 128-bit character string which will remain unchanged no matter how many times it is generated for a particular file.
The hash generated using MD5 is not reversible, so there’s no way to figure out the contents for which the specific hash was generated.
Basic syntax of the md5sum command on Linux
md5sum [option] [file]
This creates an alphanumeric hash for our file and displays it based on our options. Here is a list of some options available to us while using the MD5 command in Linux.
|-b||Reads a file in binary format to create or print MD5 checksum|
|-t||Reads a file in text format to create or print MD5 checksum. This is the default option|
|-c||Reads MD5 from a file and checks it|
|–strict||Causes a non zero exit code in case the checksum file is not in the proper format|
|-w||Warns the user in case the checksum file is not in the proper format|
While these are the most frequently used options, there are other options you can explore using the man md5sum. Now let us discuss Base64 command.
The base64 Command in Linux
Now base64 is not an encryption algorithm but simply an encoding algorithm that allows you to transfer files while maintaining integrity. (an interesting StackOverflow question)
Basic syntax for the base64 Command in Linux
base64 [option] [input_file] [output_file]
This takes our input_file, encodes or decodes it, and saves the result in output_file based on our options. Here are five main options we use in the Base64 command in Linux.
|-e||Reads the input file, encodes its content in Base64 format and saves it to our output file|
|-d||Reads the input file, decodes its content using Base64 format and saves it to our output file|
|-u||Displays information regarding the usage of the Base64 command|
|-i||Reads the file for decoding while ignoring all non-alphabetic characters|
|-n||By default, the Base64 command uses an error check while decoding. This option tells the command to skip the error check|
Using the md5sum and base64 Commands in Linux
Now that we understand the MD5 and Base64 commands in Linux, it is time to use them.
MD5 and Base64 commands are commonly used for three purposes –
- Creating a hash
- Verifying a hash
- Checking package signatures.
Let us have a look at each of these individually.
Creating a Hash with md5sum and base64 Commands
To create a hash using MD5 and Base64 commands in Linux, we need to use MD5 to generate a hash then encode it using Base64. For this example, we will be using the file TESTFILE.txt to generate a hash
Open the terminal and type the following command. Replace the file name as per your needs.
md5sum <filename> base64 <filename>
As you can see, we have generated the hashes based on the content within the file. Now you need to remember that the hash that’s generated is based on the content that is present within the file and not based on the file name. If the content is changed, the hash will change and that will help the receiving user understand that the file has been tampered with.
Let’s save these hashes within individual files using the output redirection operator “>”.
Verifying a MD5 or Base64 Hash
Just like we created Base64 encoded MD5 hashes for our file, these commands can also be used to verify the hash for a particular file. To do so, we first begin by using the Base64 command to decode the contents of pass.txt and save the decoded data in decode.txt as our output file.
The following screenshot shows how this is done.
base64 -d <hashfile> md5sum -c <hashfile>
Here’s the major difference that you’ll notice when using MD5 vs Base64. Base64 directly encrypts the data and makes the plaintext file unreadable when transferring it over the internet. When decrypted, the contents of the file are directly visible.
Compared with MD5, it simply verifies if the data within the file is the same as it was before the hash was generated. As you can see, it says “example.txt: OK” which is a confirmation that the hash generated for example.txt matches the one that’s generated right now while verifying the file.
Checking Package Signatures
Let me demonstrate how you can verify the package signatures of files that you download from over the internet. Nowadays, you’ll find the .md5 file is available for download along with the original file.
Since the process for verifying hashes is going to be the same, here are the 3 steps that I’ll be taking to demonstrate how we can use MD5 to verify package signatures.
- Show the contents of the file and create a MD5 and Base64 Hash for the file
- Verifying that the contents of the hash and the file are correct.
- Change the contents of the file and verify the hashes for the file
Let’s create the hashes first from the “example.txt” file.
root@localhost:~# ls example.txt root@localhost:~# cat example.txt Hi this is a test file from LinuxforDevices root@localhost:~# md5sum example.txt > md5sum.md5 root@localhost:~# base64 example.txt > base64.txt root@localhost:~# ls base64.txt example.txt md5sum.md5
Verifying that the contents of the hash and the file are correct.
root@localhost:~# cat example.txt Hi this is a test file from LinuxforDevices root@localhost:~# md5sum -c md5sum.md5 example.txt: OK root@localhost:~# base64 -d base64.txt Hi this is a test file from LinuxforDevices
Change the contents of the file and verify the hashes again
root@localhost:~# cat >> example.txt NEW LINE root@localhost:~# cat example.txt Hi this is a test file from LinuxforDevices NEW LINE root@localhost:~# md5sum -c md5sum.md5 example.txt: FAILED md5sum: WARNING: 1 computed checksum did NOT match root@localhost:~# base64 -d base64.txt Hi this is a test file from LinuxforDevices
As you can see, this time after we changed the content of the file, the hash verification failed and gave us a message warning that the checksum doesn’t match.
But in the case of Bas64, it isn’t really checking with what the content in the original file is. It simply decrypts whatever base64 data is presented to it. So we get the data that we originally had encrypted.
We’ve covered the basic usage of the md5 and base64 commands here but there’s a lot more that you can play around with. But the major pointers to remember are these:”
- MD5 is a hashing algorithm and the md5sum command is used to verify the integrity of packages by comparing with the hash data from before being transmitted over the internet.
- Base64 is an encryption algorithm (though it’s way too weak to use on something important). It works by encrypting the data that is presented to it and then decrypting the encrypted text back to the original data.