Properties

Last built 2 years ago using go version go1.4.2 linux/amd64 and 56 seconds of time

Downloads
Filename
File Size
 
hashpipe_master_darwin-386.zip
736KiB
hashpipe_master_darwin-amd64.zip
772KiB
hashpipe_master_linux-386.zip
740KiB
hashpipe_master_linux-amd64.zip
776KiB
hashpipe_master_linux-arm.zip
748KiB
hashpipe_master_windows-386.zip
765KiB
hashpipe_master_windows-amd64.zip
807KiB
Project-Readme for this version

hashpipe - pipe iff the hash matches

hashpipe helps you venture into the unknown. It reads from stdin, checks the hash of the content, and outputs it IF AND ONLY IF it matches the provided hash checksum. This makes executing things a teensy bit safer, as it requires compromising more communication channels.

Example

> echo "hello" | multihash
QmUJPTFZnR2CPGAzmfdYPghgrFtYFB6pf1BqMvqfiPDam8
> echo "hello" | hashpipe QmUJPTFZnR2CPGAzmfdYPghgrFtYFB6pf1BqMvqfiPDam8
hello
> echo "goodbye" | hashpipe QmUJPTFZnR2CPGAzmfdYPghgrFtYFB6pf1BqMvqfiPDam8
error: multihash checksums did not match

Use Case

If you tell people to pipe things directly into the shell… Don’t do that. If you’re going to, at least provide them a hash to ensure that man-in-the-middle attacks or compromised CDNs do not hurt your users.

curl http://you.shouldnt.be/doing/this | hashpipe Qmepk1VCHpjyCmWeh61vyDKsWfKymyrBQLcmUpXUdUd3yM | sh

Hashes Supported

hashpipe uses multihash, a self-describing hash function. It supports all the hashes in go-multihash:

Install

Usage

> hashpipe -h
usage: hashpipe [MULTIHASH] <[FILE] >[FILE]

    cat untrustedFile | hashpipe <expected-checksum> | trustedContext

hashpipe - boldly journey into the unknown.

It reads from stdin, checks the hash of the content, and outputs it IF AND
ONLY IF it matches the provided hash checksum. This makes executing things
a bit safer, as it requires compromising more communication channels. On
error, hashpipe returns a non-zero error code, failing pipelines.

OPTIONS
  -a="sha2-256": one of: sha1, sha2-256, sha2-512, sha3 (shorthand)
  -algorithm="sha2-256": one of: sha1, sha2-256, sha2-512, sha3
  -e="base58": one of: raw, hex, base58, base64 (shorthand)
  -encoding="base58": one of: raw, hex, base58, base64
  -l=-1: checksums length in bits (truncate). -1 is default (shorthand)
  -length=-1: checksums length in bits (truncate). -1 is default
  -q=false: quiet output (no newline on checksum, no error text) (shorthand)
  -quiet=false: quiet output (no newline on checksum, no error text)