Why base64 a sha1/sha256 hash?

Solution 1

Those hashes are not ASCII–the reason you see hex digits is because the software you use to generate them takes the binary output of the digest and turns it into an ASCII string of hex digits.

For instance, the MD5 digest will fill an array of 16 bytes. You can also represent it as a string of 32 characters, but the most basic form of the digest is still the array of bytes.

When you change an array of bytes into a hex string, you need 8 bits (one full character) to represent every 4 bits of data. Although it's not frequently called that way, you could say that this uses "base16" encoding, since you're grabbing 4 bits at a time and mapping them to a 16-character alphabet.

Base64, on the other hand, grabs 6 bits at a time and maps them to a 64-character alphabet. This means that you need 8 bits (again, one full character) to represent every 6 bits of data, which has half the wasted bits of base16. A base16-encoded string will always be twice as big as the original; a base64-encoded string will only be four thirds as big. For a SHA256 hash, base16 does 64 bytes, but base64 does approximately 43.

Solution 2

For example, the bytes, hex, and base64 samples below encode the same bytes:

• bytes: 243 48 133 140 73 157 28 136 11 29 189 101 194 101 116 64 172 227 220 78
• hex: f330858c499d1c880b1dbd65c2657440ace3dc4e
• base64: 8zCFjEmdHIgLHb1lwmV0QKzj3E4=.

It's only that AWS requires its values to be base64 encoded.

Author by

tuna

My passion is to ... I am too lazy to write that book now

Updated on July 05, 2022