How to Read Base64-encoded Binary SHA1 Hash

Well, tax season again. Taiwan’s personal income tax filing system1 consists of an online system and a desktop computer software. Since the Ministry of Finance hosts the installer online, a best practice is to also provide the hash value of the installer, which they did, to my surprise.2

The hash value, however, is not in plain format like 1420bdb0d4876927e1aa9612dc9c0480acde2f72, which we’re more familier and frequently found on sites such as Microsoft, FreeBSD, Apple, etc. They provided an xml file that can be use by their verify utility. Yet the SHA1 tag inside is encoded.

<?xml version="1.0" encoding="utf-8"?>

It turns out that the code is a base64-encoded, binary formatted sha1 hash. If you don’t like another utility just for checksum verification, you may extract the plain hash or generate a same encoded one like theirs for comparison.

To decode xml’s hash:

echo 'FCC9sNSHaSfhqpYS3JwEgKzeL3I=' | openssl enc -base64 -d | xxd -p

To generate a binary sha1 and base64-encode it:

openssl dgst -sha1 -binary ifn623i.exe | openssl enc -base64 -e

Now you may verify the checksum, whether plain hash or encoded.

  1. The e-Filing and Payment of Individual Income Tax System, Ministry of Finance, ROC (Taiwan) has different systems, e.g. for foreigners and for citizens

  2. As Taiwan’s government usually lacks of information knowledge and is unwilling to adopt new technology.