Windows下CertUtil校验和编码文件

目录

• 前言
• CertUtil计算文件hash
  • 计算MD2
  • 计算MD4
  • 计算MD5
  • 计算SHA1
  • 计算SHA256
  • 计算SHA384
  • 计算SHA512
• 文件base64编码
• 文件base64解码
• 文件hex编码
• 文件hex解码
• 结语

前言

    CertUtil.exe是一个命令行程序，作为证书服务的一部分安装。可以使用CertUtil.exe转储和显示证书颁发机构(CA)配置信息、配置证书服务、备份和恢复CA组件，以及验证证书、密钥对和证书链。如果certutil在没有附加参数的证书颁发机构上运行，它将显示当前的证书颁发机构配置。如果certutil在非认证中心上运行，则该命令默认运行certutil [-dump]命令。
    但是我只用了计算文件hash，以及编码解码文件功能，对我来说在Windows上不用安装额外软件就能实现这些功能很方便。详细说明可以参考【官方文档】

CertUtil计算文件hash

    在Windows的cmd下执行CertUtil -hashfile -?会出现帮助文档，根据Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512可以得到常用计算文件hash方法，md5和sha1比较常用。

Usage:
  CertUtil [Options] -hashfile InFile [HashAlgorithm]
  Generate and display cryptographic hash over a file

Options:
  -Unicode          -- Write redirected output in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

CertUtil -?              -- Display a verb list (command list)
CertUtil -hashfile -?    -- Display help text for the "hashfile" verb
CertUtil -v -?           -- Display all help text for all verbs

计算MD2

CertUtil -hashfile test.txt MD2
MD2 hash of test.txt:
5892bec299b1bae578d5aff607f6eb61
CertUtil: -hashfile command completed successfully.

计算MD4

CertUtil -hashfile test.txt MD4
MD4 hash of test.txt:
a9c5d7b55b8173b39870bcdf919c71b7
CertUtil: -hashfile command completed successfully.

计算MD5

    计算md5是比较常用的文件hash方式。

CertUtil -hashfile test.txt MD5
MD5 hash of test.txt:
02877f0b701bec19ed79911ccc7b20e3
CertUtil: -hashfile command completed successfully.

计算SHA1

CertUtil -hashfile test.txt SHA1
SHA1 hash of test.txt:
ae36676c8c6a617ed5d3a84b88c70cd5d9c362a5
CertUtil: -hashfile command completed successfully.

计算SHA256

CertUtil -hashfile test.txt SHA256
SHA256 hash of test.txt:
8df1da6d5c8b7a89ed3da070b652946d9db143fd22e98afdccf5d3d1ac3b29e9
CertUtil: -hashfile command completed successfully.

计算SHA384

CertUtil -hashfile test.txt SHA384
SHA384 hash of test.txt:
bc3cf094587ee7473fd460fac1f37db2d3fd7085cfe8d024cfb004d03824d555f46939bd8920a4db32d9e178da064560
CertUtil: -hashfile command completed successfully.

计算SHA512

CertUtil -hashfile test.txt SHA512
SHA512 hash of test.txt:
3b338d0a80a81f95cb8a654c2bcd9ec6385ee9da785708f8e5bb5eba37934d4c2b745faa823f3598fb56b32a32a833defdce3c195f7e4e3a1fa3b3b69f166969
CertUtil: -hashfile command completed successfully.

文件base64编码

    在Windows的cmd执行CertUtil -encode -?可以查看编码文件为base64格式文件。

Usage:
  CertUtil [Options] -encode InFile OutFile
  Encode file to Base64

Options:
  -f                -- Force overwrite
  -Unicode          -- Write redirected output in Unicode
  -UnicodeText      -- Write output file in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

CertUtil -?              -- Display a verb list (command list)
CertUtil -encode -?      -- Display help text for the "encode" verb
CertUtil -v -?           -- Display all help text for all verbs

    下面是对一个文件进行base64编码。结果文件首行和末行会有特殊标记。

CertUtil -encode test.txt test.txt.out
Input Length = 8
Output Length = 70
CertUtil: -encode command completed successfully.

cat test.txt
test

cat test.txt.out
-----BEGIN CERTIFICATE-----
dGVzdCAgDQo=
-----END CERTIFICATE-----

文件base64解码

    在Windows的cmd执行CertUtil -decode -?可以查看解码base64格式文件。

Usage:
  CertUtil [Options] -decode InFile OutFile
  Decode Base64-encoded file

Options:
  -f                -- Force overwrite
  -Unicode          -- Write redirected output in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

CertUtil -?              -- Display a verb list (command list)
CertUtil -decode -?      -- Display help text for the "decode" verb
CertUtil -v -?           -- Display all help text for all verbs

    下面是对一个base64文件进行解码。

CertUtil -decode test.txt.out test.txt.de
Input Length = 70
Output Length = 8
CertUtil: -decode command completed successfully.

cat test.txt.out
-----BEGIN CERTIFICATE-----
dGVzdCAgDQo=
-----END CERTIFICATE-----

cat test.txt.de
test

文件hex编码

    在Windows的cmd执行CertUtil -encodehex -?可以查看编码文件为hex格式文件。

Usage:
  CertUtil [Options] -encodehex InFile OutFile [type]
  Encode file in hexadecimal

Options:
  -f                -- Force overwrite
  -Unicode          -- Write redirected output in Unicode
  -UnicodeText      -- Write output file in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

CertUtil -?              -- Display a verb list (command list)
CertUtil -encodehex -?   -- Display help text for the "encodehex" verb
CertUtil -v -?           -- Display all help text for all verbs

    下面是对一个文件进行hex编码。结果类似Linux下的xxd格式，展示了文件hex的值。

CertUtil -encodehex test.txt test.hex
Input Length = 23
Output Length = 139
CertUtil: -encodehex command completed successfully.

cat test.txt
test1
test2
test3

cat test.hex
0000    74 65 73 74 31 0d 0a 74  65 73 74 32 0d 0a 74 65   test1..test2..te
0010    73 74 33 0d 0a 0d 0a                               st3....

文件hex解码

    在Windows的cmd执行CertUtil -decodehex -?可以查看解码hex格式文件。

Usage:
  CertUtil [Options] -decodehex InFile OutFile [type]
  Decode hexadecimal-encoded file
    type -- numeric CRYPT_STRING_* encoding type

Options:
  -f                -- Force overwrite
  -Unicode          -- Write redirected output in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

CertUtil -?              -- Display a verb list (command list)
CertUtil -decodehex -?   -- Display help text for the "decodehex" verb
CertUtil -v -?           -- Display all help text for all verbs

    下面是对一个hex文件进行解码。

CertUtil -decodehex test.hex test.hex.out
Input Length = 139
Output Length = 23
CertUtil: -decodehex command completed successfully.

cat test.hex
0000    74 65 73 74 31 0d 0a 74  65 73 74 32 0d 0a 74 65   test1..test2..te
0010    73 74 33 0d 0a 0d 0a                               st3....

cat test.hex.out
test1
test2
test3

结语

    熟练使用这个命令，可以方便的在Windows电脑上校验文件，以及编码解码文件。特别是编码为hex格式文件，可以分析文件的二进制数据。我以前遇到过文件包含不可见字符导致代码编译报错，却找不到哪里错误，这时候分析文件的二进制数据一目了然了。