Provided by: tcllib_1.17-dfsg-1_all 
NAME
sha1 - SHA1 Message-Digest Algorithm
SYNOPSIS
package require Tcl 8.2
package require sha1 ?2.0.3?
::sha1::sha1 ?-hex|-bin? [ -channel channel | -file filename | ?--? string ]
::sha1::hmac key string
::sha1::hmac ?-hex|-bin? -key key [ -channel channel | -file filename | ?--? string ]
::sha1::SHA1Init
::sha1::SHA1Update token data
::sha1::SHA1Final token
::sha1::HMACInit key
::sha1::HMACUpdate token data
::sha1::HMACFinal token
_________________________________________________________________________________________________
DESCRIPTION
This package provides an implementation in Tcl of the SHA1 message-digest algorithm as
specified by FIPS PUB 180-1 (1). This algorithm takes a message and generates a 160-bit
digest from the input. The SHA1 algorithm is related to the MD4 algorithm (2) but has been
strengthend against certain types of cryptographic attack. SHA1 should be used in
preference to MD4 or MD5 in new applications.
This package also includes support for creating keyed message-digests using the HMAC
algorithm from RFC 2104 (3) with SHA1 as the message-digest.
COMMANDS
::sha1::sha1 ?-hex|-bin? [ -channel channel | -file filename | ?--? string ]
The command takes a message and returns the SHA1 digest of this message as a
hexadecimal string. You may request the result as binary data by giving -bin.
The data to be hashed can be specified either as a string argument to the sha1
command, or as a filename or a pre-opened channel. If the -filename argument is
given then the file is opened, the data read and hashed and the file is closed. If
the -channel argument is given then data is read from the channel until the end of
file. The channel is not closed. NOTE use of the channel or filename options
results in the internal use of vwait. To avoid nested event loops in Tk or tclhttpd
applications you should use the incremental programming API (see below).
Only one of -file, -channel or string should be given.
If the string to hash can be mistaken for an option (leading dash "-"), use the
option -- before it to terminate option processing and force interpretation as a
string.
::sha1::hmac key string
::sha1::hmac ?-hex|-bin? -key key [ -channel channel | -file filename | ?--? string ]
Calculate an Hashed Message Authentication digest (HMAC) using the SHA1 digest
algorithm. HMACs are described in RFC 2104 (3) and provide an SHA1 digest that
includes a key. All options other than -key are as for the ::sha1::sha1 command.
If the string to hash can be mistaken for an option (leading dash "-"), use the
option -- before it to terminate option processing and force interpretation as a
string.
PROGRAMMING INTERFACE
For the programmer, the SHA1 hash can be viewed as a bucket into which one pours data.
When you have finished, you extract a value that is derived from the data that was poured
into the bucket. The programming interface to the SHA1 hash operates on a token
(equivalent to the bucket). You call SHA1Init to obtain a token and then call SHA1Update
as many times as required to add data to the hash. To release any resources and obtain the
hash value, you then call SHA1Final. An equivalent set of functions gives you a keyed
digest (HMAC).
If you have critcl and have built the tcllibc package then the implementation of the
hashing function will be performed by compiled code. Failing that if you have the Trf
package then this can be used otherwise there is a pure-tcl equivalent. The programming
interface remains the same in all cases.
::sha1::SHA1Init
Begins a new SHA1 hash. Returns a token ID that must be used for the remaining
functions.
::sha1::SHA1Update token data
Add data to the hash identified by token. Calling SHA1Update $token "abcd" is
equivalent to calling SHA1Update $token "ab" followed by SHA1Update $token "cb".
See EXAMPLES.
::sha1::SHA1Final token
Returns the hash value and releases any resources held by this token. Once this
command completes the token will be invalid. The result is a binary string of 20
bytes representing the 160 bit SHA1 digest value.
::sha1::HMACInit key
This is equivalent to the ::sha1::SHA1Init command except that it requires the key
that will be included in the HMAC.
::sha1::HMACUpdate token data
::sha1::HMACFinal token
These commands are identical to the SHA1 equivalent commands.
EXAMPLES
% sha1::sha1 "Tcl does SHA1"
285a6a91c45a9066bf39fcf24425796ef0b2a8bf
% sha1::hmac Sekret "Tcl does SHA1"
ae6251fa51b95b18cba2be95eb031d07475ff03c
% set tok [sha1::SHA1Init]
::sha1::1
% sha1::SHA1Update $tok "Tcl "
% sha1::SHA1Update $tok "does "
% sha1::SHA1Update $tok "SHA1"
% sha1::Hex [sha1::SHA1Final $tok]
285a6a91c45a9066bf39fcf24425796ef0b2a8bf
REFERENCES
[1] "Secure Hash Standard", National Institute of Standards and Technology, U.S.
Department Of Commerce, April 1995.
(http://www.itl.nist.gov/fipspubs/fip180-1.htm)
[2] Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT, April 1992.
(http://www.rfc-editor.org/rfc/rfc1320.txt)
[3] Krawczyk, H., Bellare, M. and Canetti, R. "HMAC: Keyed-Hashing for Message
Authentication", RFC 2104, February 1997. (http://www.rfc-
editor.org/rfc/rfc2104.txt)
BUGS, IDEAS, FEEDBACK
This document, and the package it describes, will undoubtedly contain bugs and other
problems. Please report such in the category sha1 of the Tcllib Trackers
[http://core.tcl.tk/tcllib/reportlist]. Please also report any ideas for enhancements you
may have for either package and/or documentation.
SEE ALSO
md4, md5, ripemd128, ripemd160
KEYWORDS
FIPS 180-1, hashing, message-digest, rfc 2104, security, sha1
CATEGORY
Hashes, checksums, and encryption
COPYRIGHT
Copyright (c) 2005, Pat Thoyts <patthoyts@users.sourceforge.net>