W3CDigital Signature Initiative SHA1 Secure Hash Algorithm - Version 1.0


This document provides an overview of the Secure Hasing Algorithm, and details how a SHA1 digest is encoded in a Resource Reference Information Extension, providing the digest of a referenced web resource.


Overview

The Secure Hash Algorithm (SHA), developed by NIST, along with the NSA, for use with the Digital Signature Standard (DSS) is specified within the Secure Hash Standard (SHS) [National Institute of Standards and Technology (NIST). FIPS Publication 180: Secure Hash Standard (SHS). May 1993.]. SHA-1 [National Institute of Standards and Technology (NIST). Announcement of Weakness in the Secure Hash Standard. May 1994.] was a revision to SHA that was published in 1994. The revision corrected an unpublished flaw in SHA.

SHA is a cryptographic message digest algorithm similar to the MD4 family of hash functions developed by Rivest (see RSA Labs crypto FAQ[1]. It differs in that it adds an additional expansion operation, an extra round and the whole transformation was designed to accomodate the DSS block size for efficiency.

The Secure Hash Algorithm takes a message of less than 264 bits in length and produces a 160-bit message digest which is designed so that it should be computationaly expensive to find a text which matches a given hash. ie if you have a hash for document A, H(A), it is difficult to find a document B which has the same hash, and even more difficult to arrange that document B says what you want it to say.

SHA is part of the Capstone project[1]. For further information on SHA, see:

[1] The original FAQ citation was to a Cryptography FAQ http://www.rsa.com/rsalabs/newfaq/ but as of December 31, 2001 that document was no longer found. An alternative copy existed as of 2001-12-31. The cited information was "What is a Hash Function?", "What are MD2, MD4 and MD5?", and "What is Capstone?".


DSig 1.0 Encoding

The BNF below shows how a SHA1 digest is encoded in a Resource Reference Information Extension.

resinfo-data      ::= '(' HashAlgoURL resource-hash hash-date*1 ')'
HashAlgoURL       ::= '"http://www.w3.org/PICS/DSig/SHA1_1_0.html"'
resource-hash     ::= '"base64-string encoding of 160 bit SHA1 message
                        digest of the information resource."'
hash-date         ::= quoted-ISO-date 
quoted-ISO-date   ::= '"'YYYY'.'MM'.'DD'T'hh':'mmStz'"'
     based on the ISO 8601:1988 date and time standard, restricted
     to the specific form described here:
     YYYY ::= four-digit year
     MM   ::= two-digit month (01=January, etc.)
     DD   ::= two-digit day of month (01 through 31)
     hh   ::= two digits of hour (00 through 23) (am/pm NOT allowed)
     mm   ::= two digits of minute (00 through 59)
     S    ::= sign of time zone offset from UTC ('+' or '-')
     tz   ::= four digit amount of offset from UTC
           (e.g., 1512 means 15 hours and 12 minutes)
     For example, "1994.11.05T08:15-0500" is a valid quoted-ISO-date
     denoting November 5, 1994, 8:15 am, US Eastern Standard Time
     Note: The ISO standard allows considerably greater
     flexibility than that described here.  PICS requires precisely
     the syntax described here -- neither the time nor the time zone may
     be omitted, none of the alternate formats are permitted, and
     the punctuation must be as specified here.
base64-string     ::= as defined in RFC-1521.

hash-date is optional. There may be zero or one dates included here at the signer's behest.

The following example shows a valid DSig 1.0 SHA1 resinfo extension with two SHA1 hashes of the referenced information resource. The first without a date, the second with a date.

   extension
     ( optional "http://www.w3.org/PICS/DSig/resinfo-1_0.html"
                ( "http://www.w3.org/PICS/DSig/SHA1_1_0.html" "base64-hash" )
                ( "http://www.w3.org/PICS/DSig/SHA1_1_0.html" "base64-hash" 
                  "1997.02.05T08:15-0500" ) )

Philip A. DesAutels, DSig Project Manager 1 Oct 1997