libewf_handle_set_sha1_hash not storing the hash in the E01

[tedsmith]

Hi

I am using libewf_handle_set_md5_hash and libewf_handle_set_sha1_hash to embed either Md5 or SHA1 hash values into the E01 using libewf.

libewf_handle_set_md5_hash works fine - the MD5 hash is embedded. But when I use the same technique with libewf_handle_set_sha1_hash, the function returns valid (no error, integer returned is 1) but when I open the E01 file using FTK Imager, the hash value properties field is empty.

What might I be doing wrong? Or is there a problem with the function? I am using the libewf.dll from http://labalec.fr/erwan/?p=1235 (specifically this download http://labalec.fr/erwan/wp-content/uploads/2014/05/libewf2.zip), which may be the problem?

[joachimmetz]

What EWF format do you use? Some formats don't support the SHA1 hash.

[tedsmith]

Hi Joachim. I have just created /initialized the linear handle and write the buffer reads to the e01 image. Could you tell me what the function is to specify v6 or above, or whatever the version was that added sha1 capability?

[tedsmith]

Libewf handle, that should read.

[tedsmith]

Forgive me...just found that there's the constant to set:

LIBEWF_FORMAT_UNKNOWN = 0x00, LIBEWF_FORMAT_ENCASE1 = 0x01, LIBEWF_FORMAT_ENCASE2 = 0x02, LIBEWF_FORMAT_ENCASE3 = 0x03, LIBEWF_FORMAT_ENCASE4 = 0x04, LIBEWF_FORMAT_ENCASE5 = 0x05, LIBEWF_FORMAT_ENCASE6 = 0x06, LIBEWF_FORMAT_ENCASE7 = 0x07,

So in my ewflib library unit I've now got the following assigned:

const LIBEWF_OPEN_READ = $01; LIBEWF_OPEN_WRITE = $02; LIBEWF_DATE_FORMAT_DAYMONTH = $01; LIBEWF_DATE_FORMAT_MONTHDAY = $02; LIBEWF_DATE_FORMAT_ISO8601 = $03; LIBEWF_DATE_FORMAT_CTIME = $04; LIBEWF_FORMAT_ENCASE6 = $06;

But still not SHA-1 hash in the E01? I am puzzled

[tedsmith]

Silly me...I was not calling libewf_handle_set_format(LIBEWF_FORMAT_ENCASE6); That now works. Sorry to waste your time.

[joachimmetz]

Yeah some features are format dependent, largely to provide compatibility with other products out there.