apache-md5-0.6.1.1: Apache specific MD5 digest algorighm.

Copyright(c) 2009, 2010, 2012-2015 Peter Trško
LicenseBSD3
MaintainerPeter Trško <peter.trsko@gmail.com>
StabilityProvisional
PortabilityNoImplicitPrelude; depends on non-portable internal module
Safe HaskellNone
LanguageHaskell98

Data.Digest.ApacheMD5

Contents

Description

ApacheMD5 is one of the hash algorithms used by Apache HTTP server for basic authentication. It is Apache specific, but e.g. nginx supports this algorithm since version 1.0.3 http://wiki.nginx.org/HttpAuthBasicModule#auth_basic_user_file.

This is a naive implementation that doesn't aim for high speed, but to be reasonably fast it uses MD5() function from OpenSSL library so during compilation you'll nead to have it installed including header files. Many Linux distributions have separate dev packages for this.

Synopsis

Htpasswd

Apache comes with utility named htpasswd that allows to create, delete and update flat files normally named .htpasswd that store pairs of usernames and passwords. While both this utility and Apache support more algorithms most of them rely on UNIX crypt() function. ApacheMD5 is not one of them and therefore it is suitable for cross-platform usage. See also htpasswd documentation on http://httpd.apache.org/docs/current/programs/htpasswd.html.

Example: Creating htpasswd-like entry

Output of apacheMD5 function is not identical to what htpasswd does. To create htpasswd-like entry one needs to do:

import Data.ByteString (ByteString)
import qualified Data.ByteString.Char8 as C8 (concat, pack, singleton)
import Data.Digest.ApacheMD5 (Salt, apacheMD5, unSalt)

htpasswdEntry :: ByteString -> ByteString -> Salt -> ByteString
htpasswdEntry username password salt = C8.concat
    [ username
    , C8.pack ":$apr1$"
    , unSalt salt
    , C8.singleton '$'
    , apacheMD5 password salt
    ]

API Documentation

apacheMD5 Source

Arguments

:: Password 
-> Salt 
-> ByteString

Apache MD5 Hash

Taking password and salt this function produces resulting ApacheMD5 hash which is already base 64 encoded.

type Password = ByteString Source

Type alias for more readable type signatures.

data Salt Source

Apache MD5 hash salt. When constructing .htpasswd file it is necessary for the salt to be consisting of octets from alpha64 "set". This newtype along with mkSalt smart constructor are here to ensure such invariant.

mkSalt :: ByteString -> Maybe Salt Source

Smart constructor for Salt. It tests that provided ByteString is not empty and that all its octets are members of alphabet used for base 64 encoding alpha64 and it uses isAlpha64 predicate to do so.