W3C SHA1 Hash Algorithm - Version 1.0


This document provides an overview of the Secure Hashing Algorithm, and details how a SHA1 digest is encoded in a DSig 1.0 Resource Reference Information Extension, providing the digest of a referenced web resource.

Status of this Document

This document is part of the DSig 1.0 Recommendation. It has been reviewed by W3C Members and other interested parties and has been endorsed by the Director as a W3C Recommendation. It is a stable document and may be used as reference material or cited as a normative reference from another document.

Last updated: 1998-05-27T18:30:33Z

Overview

This hash algorithm is identified by the URL

http://www.w3.org/TR/1998/REC-DSig-label/SHA1-1_0

The hash algorithm is defined in

The Secure Hash Algorithm (SHA-1), National Institute of Standards and Technology, NIST FIPS PUB 180-1, "Secure Hash Standard,", U.S. Department of Commerce, April 1995

The Secure Hash Algorithm (SHA), developed by NIST, along with the NSA, for use with the Digital Signature Standard (DSS) is specified within the Secure Hash Standard (SHS) [National Institute of Standards and Technology (NIST). FIPS Publication 180: Secure Hash Standard (SHS). May 1993.]. SHA-1 [National Institute of Standards and Technology (NIST). Announcement of Weakness in the Secure Hash Standard. May 1994.] was a revision to SHA that was published in 1994. The revision corrected an unpublished flaw in SHA.

SHA is a cryptographic message digest algorithm (see RSA FAQ Q94: What is a Hash Function?) similar to the MD4 family of hash functions developed by Rivest (see RSA FAQ, Question 99). It differs in that it adds an additional expansion operation, an extra round and the whole transformation was designed to accomodate the DSS block size for efficiency.

The Secure Hash Algorithm takes a message of less than 264 bits in length and produces a 160-bit message digest which is designed so that it should be computationaly expensive to find a text which matches a given hash. ie if you have a hash for document A, H(A), it is difficult to find a document B which has the same hash, and even more difficult to arrange that document B says what you want it to say.

SHA is part of the Capstone project (see RSA FAQ, Question 150). For further information on SHA, see:

Encoding

All values are encoded using the standard base-64 representation of a byte-array containing the two's-complement representation of the value to encode. The first byte in this array is the high-order byte. The minimal number of bytes necessary is used to represent a certain value, so no leading zero-bytes are allowed.

The BNF below shows how a SHA1 digest is encoded in a Resource Reference Information Extension.

resinfo-data      ::= '(' HashAlgoURL resource-hash hash-date*1 ')'
HashAlgoURL       ::= '"http://www.w3.org/TR/1998/REC-DSig-label/SHA1-1_0"'
resource-hash     ::= '"base64-string encoding of 160 bit SHA1 message
                        digest of the information resource."'
hash-date         ::= quoted-ISO-date 
quoted-ISO-date   ::= '"'YYYY'.'MM'.'DD'T'hh':'mmStz'"'
     based on the ISO 8601:1988 date and time standard, restricted
     to the specific form described here:
     YYYY ::= four-digit year
     MM   ::= two-digit month (01=January, etc.)
     DD   ::= two-digit day of month (01 through 31)
     hh   ::= two digits of hour (00 through 23) (am/pm NOT allowed)
     mm   ::= two digits of minute (00 through 59)
     S    ::= sign of time zone offset from UTC ('+' or '-')
     tz   ::= four digit amount of offset from UTC
           (e.g., 1512 means 15 hours and 12 minutes)
     For example, "1994.11.05T08:15-0500" is a valid quoted-ISO-date
     denoting November 5, 1994, 8:15 am, US Eastern Standard Time
     Note: The ISO standard allows considerably greater
     flexibility than that described here.  PICS requires precisely
     the syntax described here -- neither the time nor the time zone may
     be omitted, none of the alternate formats are permitted, and
     the punctuation must be as specified here.
base64-string     ::= as defined in RFC-1521.

hash-date is optional. There may be zero or one dates included here at the signer's behest.

The following example shows a valid DSig 1.0 SHA1 resinfo extension with two SHA1 hashes of the referenced information resource. The first without a date, the second with a date.

   extension
     ( optional "http://www.w3.org/PICS/DSig/resinfo-1_0.html"
                ( "http://www.w3.org/TR/1998/REC-DSig-label/SHA1-1_0" "base64-hash" )
                ( "http://www.w3.org/TR/1998/REC-DSig-label/SHA1-1_0" "base64-hash" 
                  "1997.02.05T08:15-0500" ) )

Copyright  ©  1998 W3C (MIT, INRIA, Keio ), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply.

Philip A. DesAutels, DSig Project Manager 1 Oct 1997