Saturday, October 24, 2015

Crypto-Tool

When downloading files from websites, there are usually MD5 and SHA-1 checksums pasted on the site next to the download link. The reason for these checksums is so one can verify the integrity of the downloaded file. Once the file has been downloaded, you run a local hash of the file and verify that your checksum matches the one pasted on the site. Should they match, you know that the file hasn't been tampered with or you downloaded an incorrect file (though there is a minute chance of a hash collision).

Now this sounds like a really easy way to guarantee that you have downloaded the correct file from a website, but how many people actually run a local hash and check their checksums? I know I don't do it (even though I know I should), and I am willing to bet a lot of other people don't do this either. I looked online for solutions and there seems to be an abundance of utility tools to do this, even Windows has some built in commands.

However, I download things on multiple computers that run multiple OSes and none of these utilities seem to be able to run on all of my devices - and I like programs which run the same on everything. So, this is why I've decided to start my crypto-tool project - a cross-platform crypto tool. It is built in Java (which runs on most all devices) and will allow me to have the same process of checking checksums on every device I use.

The program currently comes with a command line interface which allows the user to generate checksums for input strings and files. It currently supports the following hash algorithms:
  • MD2
  • MD5
  • SHA-1
  • SHA-256
  • SHA-384
  • SHA-512
And to run the program, the user just needs to specify the hash algorithm to use and the file(s) and/or string(s) to generate the checksum for:

 S:\Workspaces\Github - Java\crypto-tool\latest-build>java -jar crypto-tool-cli-0.0.4-jar-with-dependencies.jar hash -ha MD5 -f input.txt -s "Command line string to hash." -s "And another string."  
 MD5 hash of [Command line string to hash.] is: 4354cb305345dc2582f1aefef124df47  
 MD5 hash of [And another string.] is: a3482fe6387ebb8cc20ea5aa713c3b8a  
 MD5 hash of file [input.txt] is: 632e60b155c9a24d3cf47f072532b440  

I feel like this is a good start to the project, however I have some plans to enhance this utility:

  • Add checksum verification
  • Add encryption/decryption of files/strings
  • Add a graphical user interface in addition to the command line interface