ns_md(n) 5.0.0a naviserver "NaviServer Built-in Commands"

Name

ns_md - Returns a string containing a message digest (MD)

Table Of Contents

• Table Of Contents
• Synopsis
• Description
• COMMANDS
• OPTIONS
• LOW LEVEL COMMANDS
• See Also
• Keywords

Synopsis

Description

These functions return a message digest (MD) for a message using the specified message digest algorithm. The MD code can be used to check the integrity of a piece of data (whether the data was altered) by computing a cryptographic checksum.

The provided commands provide a one-step interface and an incremental interface, where the latter one can be used to incrementally compute a message digest e.g. by reading data from a file. This is especially important for computing message digest on content which is too large to be kept in memory.

The listed commands are available in installations when NaviServer is compiled with OpenSSL support and where the NSF package is installed. The command ns_md is a generalization of ns_md5 and ns_sha1 since it provides a much larger set of cryptogrphic algorithms, output formats and provides the incremental interface.

COMMANDS

ns_md string ?-digest value? ?-encoding value? message

Returns the message digest from the provided string message.

ns_md file ?-digest value? ?-encoding value? filename ?filename ...?

Returns the message digest from the provided file filename and the optional provided additional filenames in args. The files are read incrementally to keep storage requirements for large files low. The resulting message digest is calculated cumulatively.

ns_md new ?-digest value?

Creates and returns a new MD object for incremental operations. The option -digest defaults to sha256.

$md_object add data

Adds data incrementally to the MD object, which was created previously with ns_md new.

$md_object get ?-encoding encoding?

Returns the current digest value from the MD object, to which data was added previously with the method add.

$md_object destroy

Deletes the MD object (used for incremental operations).

OPTIONS

-digest digest

Digest algorithm for the checksum computation. The available algorithms are implemented in OpenSSL. The current versions of OpenSSL supports the following message digest algorithms: "blake2b512 blake2s256 md4 md5 md5-sha1 mdc2 ripemd160 sha1 sha224 sha256 sha3-224 sha3-256 sha3-384 sha3-512 sha384 sha512 sha512-224 sha512-256 shake128 shake256 sm3 whirlpool". The default value is "sha256"

-encoding encoding

Formats the output of the generated digest. The available options are: hex, binary, base64 and base64url. The default value is "hex".

-encoding encoding

The option -encoding encoding specifies the output encoding used for the resulting values of the dict. Possible encodings are hex, base64url, base64, or binary. Default is hex.

  % ns_md string -digest sha256 "what do ya want for nothing?"
  b381e7fec653fc3ab9b178272366b8ac87fed8d31cb25ed1d0e1f3318644c89c

LOW LEVEL COMMANDS

While the command ns_md provides a high-level, object oriented interface mostly based on the MD objects, the lower level implementation provides more options for certain specialized operations.

ns_crypto::md add ?-binary? ?--? ctx message

ns_crypto::md free ctx

ns_crypto::md get ?-encoding hex|base64url|base64|binary? ctx

ns_crypto::md new digest

ns_crypto::md string ?-binary? ?-digest value? ?-encoding hex|base64url|base64|binary? ?-passphrase value? ?-sign value? ?-signature value? ?-verify value? ?--? message

Example for signing and signature verification based on ::ns_crypto::md string:

  % set sig [::ns_crypto::md string -digest sha1 -encoding binary -sign $path/myprivate.pem "abcdefghijklmnopqrstuxvwxyz\n"]
  % ::ns_crypto::md string -digest sha1 -encoding binary -verify $path/mypublic.pem -signature $sig "abcdefghijklmnopqrstuxvwxyz\n"
  1

See Also

ns_crypt, ns_crypto, ns_hmac, ns_md5, ns_rand, ns_sha, ns_sha1, nsd

Keywords

MD, crypto, encoding, nsf