apache-md5- Apache specific MD5 digest algorighm.

Portabilitynon-portable (NoImplicitPrelude, depends on non-portable internal module)
MaintainerPeter Trško <peter.trsko@gmail.com>
Safe HaskellNone




ApacheMD5 is one of the hash algorithms used by Apache HTTP server for basic authentication. It is Apache specific, but e.g. nginx supports this algorithm since version 1.0.3 http://wiki.nginx.org/HttpAuthBasicModule#auth_basic_user_file.

This is a naive implementation that doesn't aim for high speed, but to be reasonably fast it uses MD5() function from OpenSSL library so during compilation you'll nead to have it installed including header files. Many Linux distributions have separate dev packages for this.



Apache comes with utility named htpasswd that allows to create, delete and update flat files normally named .htpasswd that store pairs of usernames and passwords. While both this utility and Apache support more algorithms most of them rely on UNIX crypt() function. ApacheMD5 is not one of them and therefore it is suitable for cross-platform usage. See also htpasswd documentation on http://httpd.apache.org/docs/current/programs/htpasswd.html.

Example: Creating htpasswd-like entry

Output of apacheMD5 function is not identical to what htpasswd does. To create htpasswd-like entry one needs to do:

 import Data.ByteString (ByteString)
 import qualified Data.ByteString.Char8 as C8 (concat, pack, singleton)
 import Data.Digest.ApacheMD5 (Salt, apacheMD5, unSalt)

 htpasswdEntry :: ByteString -> ByteString -> Salt -> ByteString
 htpasswdEntry username password salt = C8.concat
     [ username
     , C8.pack ":$apr1$"
     , unSalt salt
     , C8.singleton '$'
     , apacheMD5 password salt

API Documentation



:: Password 
-> Salt 
-> ByteString

Apache MD5 Hash

Taking password and salt this function produces resulting ApacheMD5 hash which is already base 64 encoded.

type Password = ByteStringSource

Type alias for more readable type signatures.

data Salt Source

Apache MD5 hash salt. When constructing .htpasswd file it is necessary for the salt to be consisting of octets from alpha64 "set". This newtype along with mkSalt smart constructor are here to ensure such invariant.

mkSalt :: ByteString -> Maybe SaltSource

Smart constructor for Salt. It tests that provided ByteString is not empty and that all its octets are members of alphabet used for base 64 encoding alpha64 and it uses isAlpha64 predicate to do so.