class OpenSSL::Digest
OpenSSL::Digest allows you to compute message digests (sometimes interchangeably called “hashes”) of arbitrary data that are cryptographically secure, i.e. a Digest implements a secure one-way function.
One-way functions offer some useful properties. E.g. given two distinct inputs the probability that both yield the same output is highly unlikely. Combined with the fact that every message digest algorithm has a fixed-length output of just a few bytes, digests are often used to create unique identifiers for arbitrary data. A common example is the creation of a unique id for binary documents that are stored in a database.
Another useful characteristic of one-way functions (and thus the name) is that given a digest there is no indication about the original data that produced it, i.e. the only way to identify the original input is to “brute-force” through every possible combination of inputs.
These characteristics make one-way functions also ideal companions for public key signature algorithms: instead of signing an entire document, first a hash of the document is produced with a considerably faster message digest algorithm and only the few bytes of its output need to be signed using the slower public key algorithm. To validate the integrity of a signed document, it suffices to re-compute the hash and verify that it is equal to that in the signature.
You can get a list of all digest algorithms supported on your system by running this command in your terminal:
openssl list -digest-algorithms
Among the OpenSSL 1.1.1 supported message digest algorithms are: * SHA224, SHA256, SHA384, SHA512, SHA512-224 and SHA512-256 * SHA3-224, SHA3-256, SHA3-384 and SHA3-512 * BLAKE2s256 and BLAKE2b512
Each of these algorithms can be instantiated using the name:
digest = OpenSSL::Digest.new('SHA256')
“Breaking” a message digest algorithm means defying its one-way function characteristics, i.e. producing a collision or finding a way to get to the original data by means that are more efficient than brute-forcing etc. Most of the supported digest algorithms can be considered broken in this sense, even the very popular MD5 and SHA1 algorithms. Should security be your highest concern, then you should probably rely on SHA224, SHA256, SHA384 or SHA512.
Hashing a file
data = File.binread('document') sha256 = OpenSSL::Digest.new('SHA256') digest = sha256.digest(data)
Hashing several pieces of data at once
data1 = File.binread('file1') data2 = File.binread('file2') data3 = File.binread('file3') sha256 = OpenSSL::Digest.new('SHA256') sha256 << data1 sha256 << data2 sha256 << data3 digest = sha256.digest
Reuse a Digest instance
data1 = File.binread('file1') sha256 = OpenSSL::Digest.new('SHA256') digest1 = sha256.digest(data1) data2 = File.binread('file2') sha256.reset digest2 = sha256.digest(data2)
Public Class Methods
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3237
def self.digest: (String name, String data) -> String
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3348
def initialize: (String name, ?String data) -> void
Creates a Digest instance based on string, which is either the ln (long name) or sn (short name) of a supported digest algorithm. A list of supported algorithms can be obtained by calling OpenSSL::Digest.digests.
If data (a String) is given, it is used as the initial input to the Digest instance, i.e.
digest = OpenSSL::Digest.new('sha256', 'digestdata')
is equivalent to
digest = OpenSSL::Digest.new('sha256') digest.update('digestdata')
Public Instance Methods
Not every message digest can be computed in one single pass. If a message digest is to be computed from several subsequent sources, then each may be passed individually to the Digest instance.
Example
digest = OpenSSL::Digest.new('SHA256') digest.update('First input') digest << 'Second input' # equivalent to digest.update('Second input') result = digest.digest
() → Integer
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3264
def block_length: () -> Integer
Returns the block length of the digest algorithm, i.e. the length in bytes of an individual block. Most modern algorithms partition a message to be digested into a sequence of fix-sized blocks that are processed consecutively.
Example
digest = OpenSSL::Digest.new('SHA1') puts digest.block_length # => 64
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3266
def digest: (?String data) -> String
() → Integer
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3279
def digest_length: () -> Integer
Returns the output size of the digest, i.e. the length in bytes of the final message digest result.
Example
digest = OpenSSL::Digest.new('SHA1') puts digest.digest_length # => 20
(*untyped) → untyped
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3328
def finish: (*untyped) -> untyped
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3281
def hexdigest: () -> String
(self) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3355
def initialize_copy: (self) -> void
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3294
def name: () -> String
() → self
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3303
def reset: () -> self
Resets the Digest in the sense that any Digest#update that has been performed is abandoned and the Digest is set to its initial state again.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 3319
def update: (String data) -> self
Not every message digest can be computed in one single pass. If a message digest is to be computed from several subsequent sources, then each may be passed individually to the Digest instance.
Example
digest = OpenSSL::Digest.new('SHA256') digest.update('First input') digest << 'Second input' # equivalent to digest.update('Second input') result = digest.digest