Description of the Secure Hash Algorithm SHA-1
The Secure Hash Algorithm SHA-1 is a
cryptographically secure one-way hash
algorithm. It was designed by the NIST (National Institute of Standards and
Technology), along with the NSA (National Security Agency).
SHA-1 is based on the Message Digest MD4 algorithm design principles by
Ronald L. Rivest of MIT.
Well, I think I don't have to explain what you can do with cryptographic hash
algorithms. For an example what you can do with such algorithms, see
CodeProject article (CMD5 class).
For more information about SHA-1, see references
CSHA1 Class Description
CSHA1 class is an easy-to-use class for the SHA-1 hash algorithm.
If you want to test if your implementation of the class is working,
try the test vectors in the 'TestVectors' directory in the demo zip file.
You can find the correct hash values in the header file of the
Class members of the
This member function resets the class. You have to call this method
CSHA1 more than one time. This method is called automatically
in the constructor and the destructor of the
class so if you only hash one single data stream you don't
need to call
void Update(const UINT_8* pbData, UINT_32 uLen);
Use this method to hash in a data stream. Data in
number of bytes in
bool HashFile(const TCHAR* tszFileName);
This method hashes file contents into the current state. If hashing
was successful, the method returns
If you use this member function, you don't need to make any call
Update(...) method. After
you should call the
Final() method immediately.
You have to call
Final() before getting the
message digest of the file using the methods
When you have hashed in all data to hash, call this method. This will
compute the final SHA-1 message digest and it is therefore needed to call
this method before
bool ReportHash(TCHAR* tszReport, REPORT_TYPE rtReportType = REPORT_HEX) const;
After calling the
Final method you can get the message
digest using this method. The result is stored as string in
tszReport. Valid format types for
REPORT_HEX_SHORT. If you use
returned string looks like
5F A9 FB 34..., using
REPORT_DIGIT this method
returns the message digest in the form
129 67 5 98... .
REPORT_HEX_SHORT is the same as
without separating spaces.
bool GetHash(UINT_8* pbDest20) const;
If you don't want to get the hash in a pre-formatted string using
ReportHash, you can use this method. This method copies
the final message digest (call
pbDest20 must be able to hold at least
20 bytes (SHA-1 produces a 160-bit / 20-byte hash).
Hashing Binary Data and Strings
I will comment each line of the example above now.
First declare an instance of the
Now hash in the data like this:
You can call this method as often as you wish.
When you hashed in all data, call the
Final() member function:
If you want to get the final message digest as a pre-formatted string use this:
If you want to get the final message digest in "raw form":
Hashing files is the same process as hashing strings and binary data but
instead of using the
Update method you use the
HashFile member function of the class.
For more comments see the string/binary data hashing example above.
sha1.ReportHash(szReport, CSHA1::REPORT_HEX); sha1.GetHash(binaryArray);
 RFC 3174:
US Secure Hash Algorithm 1 (SHA1).
 Bruce Schneier, Applied Cryptography, pages 442-445.
- Version 2.1 - 2012-06-19
- Deconstructor (resetting internal variables) is now only
SHA1_WIPE_VARIABLES is defined (which is the
- Renamed inclusion guard to contain a GUID.
- Demo application is now using C++/STL objects and functions.
- Unicode build of the demo application now outputs the hashes of both
the ANSI and Unicode representations of strings.
- Various other demo application improvements.
- Version 2.0 - 2012-06-14
- Added '
- Renamed inclusion guard and macros for compliancy (names beginning
with an underscore are reserved).
- Version 1.9 - 2011-11-10
- Added Unicode test vectors.
- Improved support for hashing files using the
HashFile method that
are larger than 4 GB.
- Improved file hashing performance (by using a larger buffer).
- Disabled unnecessary compiler warnings.
- Internal variables are now
- Version 1.8 - 2009-03-16
- Converted project files to Visual Studio 2008 format.
- Added Unicode support for
HashFile utility method.
- Added support for hashing files using the
HashFile method that are
larger than 2 GB.
HashFile now returns an error code instead of copying an error
message into the output buffer.
GetHash now returns an error code and validates the input parameter.
ReportHashStl STL utility method.
REPORT_HEX_SHORT reporting mode.
- Improved Linux compatibility of test program.
- Version 1.7 - 2006-12-21
- Fixed buffer underrun warning that appeared when compiling with
Borland C Builder (thanks to Rex Bloom and Tim Gallagher for the
- Breaking change:
ReportHash writes the final hash to the start
of the buffer, i.e. it's not appending it to the string anymore.
- Made some function parameters
- Added Visual Studio 2005 project files to demo project.
- Version 1.6 - 2005-02-07
- You can set the endianness in your files, no need to modify the
header file of the
CSHA1 class anymore.
- Aligned data support.
- Made support/compilation of the utility functions (
HashFile) optional (useful when bytes count, for example in embedded
- Thanks to Howard Kapustein for patches.
- Version 1.5 - 2005-01-01
- 64-bit compiler compatibility added.
- Made variable wiping optional (define
- Removed unnecessary variable initializations.
ROL32 improvement for the Microsoft compiler (using
- Version 1.4 - 2004-07-22
CSHA1 now compiles fine with GCC 3.3 under Mac OS X (thanks to Larry
- Version 1.3 - 2003-08-17
- Fixed a small memory bug and made a buffer array a class member to
ensure correct working when using multiple
CSHA1 class instances at
- Version 1.2 - 2002-11-16
- Borlands C++ compiler seems to have problems with string addition
sprintf. Fixed the bug which caused the digest report function
not to work properly.
CSHA1 is now Borland compatible.
- Version 1.1 - 2002-10-11
- Removed two unnecessary header file includes and changed
bool. Fixed some minor bugs in the web page contents.
- Version 1.0 - 2002-06-20
That's it! Happy hashing!
Dominik started programming in Omikron Basic, a programming language for the good old Atari ST. After this, there was some short period of QBasic programming on the PC, but soon he began learning C++, which is his favorite language up to now.
He is interested in almost everything that has to do with computing; his special interests are security, cryptography and data compression.
You can find his latest freeware, open source projects and articles on his website: https://www.dominik-reichl.de/