<< Back to man.ChinaUnix.net

next up previous contents index
Next: Bacula Memory Management Up: Developer's Guide Previous: Bacula Regression Testing   Contents   Index

Subsections


Bacula MD5 Algorithm


Command Line Message Digest Utility

This page describes md5, a command line utility usable on either Unix or MS-DOS/Windows, which generates and verifies message digests (digital signatures) using the MD5 algorithm. This program can be useful when developing shell scripts or Perl programs for software installation, file comparison, and detection of file corruption and tampering.


Name

md5 - generate / check MD5 message digest


Synopsis

md5 [ -csignature ] [ -u ] [ -dinput_text | infile ] [ outfile ]


Description

A message digest is a compact digital signature for an arbitrarily long stream of binary data. An ideal message digest algorithm would never generate the same signature for two different sets of input, but achieving such theoretical perfection would require a message digest as long as the input file. Practical message digest algorithms compromise in favour of a digital signature of modest size created with an algorithm designed to make preparation of input text with a given signature computationally infeasible. Message digest algorithms have much in common with techniques used in encryption, but to a different end; verification that data have not been altered since the signature was published.

Many older programs requiring digital signatures employed 16 or 32 bit cyclical redundancy codes (CRC) originally developed to verify correct transmission in data communication protocols, but these short codes, while adequate to detect the kind of transmission errors for which they were intended, are insufficiently secure for applications such as electronic commerce and verification of security related software distributions.

The most commonly used present-day message digest algorithm is the 128 bit MD5 algorithm, developed by Ron Rivest of the MIT Laboratory for Computer Science and RSA Data Security, Inc. The algorithm, with a reference implementation, was published as Internet RFC 1321 in April 1992, and was placed into the public domain at that time. Message digest algorithms such as MD5 are not deemed ``encryption technology'' and are not subject to the export controls some governments impose on other data security products. (Obviously, the responsibility for obeying the laws in the jurisdiction in which you reside is entirely your own, but many common Web and Mail utilities use MD5, and I am unaware of any restrictions on their distribution and use.)

The MD5 algorithm has been implemented in numerous computer languages including C, Perl, and Java; if you're writing a program in such a language, track down a suitable subroutine and incorporate it into your program. The program described on this page is a command line implementation of MD5, intended for use in shell scripts and Perl programs (it is much faster than computing an MD5 signature directly in Perl). This md5 program was originally developed as part of a suite of tools intended to monitor large collections of files (for example, the contents of a Web site) to detect corruption of files and inadvertent (or perhaps malicious) changes. That task is now best accomplished with more comprehensive packages such as Tripwire, but the command line md5 component continues to prove useful for verifying correct delivery and installation of software packages, comparing the contents of two different systems, and checking for changes in specific files.


Options

-csignature
Computes the signature of the specified infile or the string supplied by the -d option and compares it against the specified signature. If the two signatures match, the exit status will be zero, otherwise the exit status will be 1. No signature is written to outfile or standard output; only the exit status is set. The signature to be checked must be specified as 32 hexadecimal digits.

-dinput_text
A signature is computed for the given input_text (which must be quoted if it contains white space characters) instead of input from infile or standard input. If input is specified with the -d option, no infile should be specified.

-u
Print how-to-call information.


Files

If no infile or -d option is specified or infile is a single ``-'', md5 reads from standard input; if no outfile is given, or outfile is a single ``-'', output is sent to standard output. Input and output are processed strictly serially; consequently md5 may be used in pipelines.


Bugs

The mechanism used to set standard input to binary mode may be specific to Microsoft C; if you rebuild the DOS/Windows version of the program from source using another compiler, be sure to verify binary files work properly when read via redirection or a pipe.

This program has not been tested on a machine on which int and/or long are longer than 32 bits.


Download md5.zip (Zipped archive)

The program is provided as md5.zip, a Zipped archive containing an ready-to-run Win32 command-line executable program, md5.exe (compiled using Microsoft Visual C++ 5.0), and in source code form along with a Makefile to build the program under Unix.


See Also

sum(1)


Exit Status

md5 returns status 0 if processing was completed without errors, 1 if the -c option was specified and the given signature does not match that of the input, and 2 if processing could not be performed at all due, for example, to a nonexistent input file.


Copying

This software is in the public domain. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, without any conditions or restrictions. This software is provided ``as is'' without express or implied warranty.


Acknowledgements

The MD5 algorithm was developed by Ron Rivest. The public domain C language implementation used in this program was written by Colin Plumb in 1993. by John Walker January 6th, MIM


next up previous contents index
Next: Bacula Memory Management Up: Developer's Guide Previous: Bacula Regression Testing   Contents   Index
Kern Sibbald 2006-08-01