| Loading the libraries |
First download the appropriate files from the links on the main page. Save them in the same directory as your html file and insert the appropriate one of these tags:
<script language="JavaScript" src="md4.js"></script>
<script language="JavaScript" src="md5.js"></script>
<script language="JavaScript" src="sha1.js"></script>
The scripts don't interfere with each other - you can use them all in the same document.
Alternatively, you can copy the code and paste it straight into your html file, inside <script>...</script>. I personally prefer keeping the code separate, but inlining it is slightly faster.
| Calculating a hash |
Usually you'll want to get the result in hexadecimal, so it can be submitted as part of a form without worrying about URL encoding.
<script language="JavaScript">
hash = hex_md4("input string");
hash = hex_md5("input string");
hash = hex_sha1("input string");
</script> You can also get the result in base-64 encoding:
<script language="JavaScript">
hash = b64_md4("input string");
hash = b64_md5("input string");
hash = b64_sha1("input string");
</script> You can also get the result as a binary string; this is discussed below.
| HMACs - keyed hashes |
In many uses of hashes you end up wanting to combine a key with some data. It isn't so bad to do this by simple concatonation, but HMAC is a carefully designed method, known to be very secure. The usage is:
<script language="JavaScript">
hash = hex_hmac_md4("key", "data");
hash = hex_hmac_md5("key", "data");
hash = hex_hmac_sha1("key", "data");
</script>
| Configurable options |
There are a few configurable variables; you may have to tweak these to be compatible with the hash function on the server.
| hexcase | The case of the letters A-F in hexadecimal output | 0 - lower case (default) 1 - upper case |
| b64pad | The character used to pad base-64 output to a multiple of 3 bytes | "" - no padding (default) "=" - for strict RFC compliance |
| chrsz | Whether string input should be treated as ASCII or UniCode | 8 - ASCII (default) 16 - UniCode |
To set a variable, use a syntax like this:
<script language="JavaScript" src="md5.js"></script>
<script language="JavaScript">
chrsz = 16;
</script>
In general, it's ok to change the values of these variables between calls to the library; so you can do ASCII and UniCode hashes on the same page, for example. However, you can't change chrsz and then re-use data returned by a str_* function.
| Binary string output |
This representation is useful when you want to feed the result of a hash operation back into another operation. The ability to do this lets you create a variety of cryptographic protocols.
For example, to do a double hash:
double_hash = hex_md5(str_md5(data));
The string is encoded so each character of a string represents either one or two bytes, in ASCII and UniCode respectively. This would be troublesome to send over HTTP as form data, but JavaScript strings are completely binary safe.
 |
© 1998 - 2003 Paul Johnston, distributed under the BSD License Updated: 27 Jul 2003