command-line-hasher.html - shiro-site - Git at Google

 <!DOCTYPE html>
 <!--
    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
    this work for additional information regarding copyright ownership.
    The ASF licenses this file to You under the Apache License, Version 2.0
    (the "License"); you may not use this file except in compliance with
    the License.  You may obtain a copy of the License at

         http://www.apache.org/licenses/LICENSE-  2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
 -->
 <html lang="en">
   <head>
     <meta charset="utf-8"/>
     <title>Command Line Hasher | Apache Shiro</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="keywords" content='documentation,hashes,command-line,cli,hasher,tool'>
     <meta name="generator" content="JBake">
     <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw">
     <meta name="google-site-verification" content="ecFap6dWJgS_GCCtxmJQJ_nFYQhM6EgSpBPZDU7xsCE">
     <meta name="google-site-verification" content="gBTYOG8lMfNb_jrWrH3kFbudpEs_WrAJ2lb2-zLRaso"/>
     <meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">

     <meta property="og:title" content="Command Line Hasher | Apache Shiro"/>
     <meta property="og:type" content="article"/>
       <meta name="twitter:card" content="summary" />
     <meta name="twitter:site" content="@ApacheShiro" />
     <meta property="article:modification_time" content="2010-03-18T00:00:00Z"/>
     <meta property="article:tag" content='documentation'/>
     <meta property="article:tag" content='hashes'/>
     <meta property="article:tag" content='command-line'/>
     <meta property="article:tag" content='cli'/>
     <meta property="article:tag" content='hasher'/>
     <meta property="article:tag" content='tool'/>
     <meta property="og:locale" content="en_US" />
     <meta property="og:url" content='https://shiro.apache.org/command-line-hasher.html'/>
     <meta property="og:image" content='images/shiro-featured-image.png'/>
     <meta property="og:image:width" content='1200'/>
     <meta property="og:image:height" content='628'/>
     <meta property="og:site_name" content="Apache Shiro"/>

     <!-- Le styles -->
     <link href="css/bootstrap.min.css" rel="stylesheet">
     <link href="bootstrap-icons-1.5.0/bootstrap-icons.css" rel="stylesheet">
     <link href="css/asciidoctor.css" rel="stylesheet">
     <link href="css/base.css" rel="stylesheet">
     <link href="highlight.js-11.2.0/styles/default.min.css" rel="stylesheet">
     <link href="css/gh-pages/gh-fork-ribbon.css" rel="stylesheet"/>

     <!-- Fav and touch icons -->
     <!--<link rel="apple-touch-icon-precomposed" sizes="144x144" href="../assets/ico/apple-touch-icon-144-precomposed.png">
     <link rel="apple-touch-icon-precomposed" sizes="114x114" href="../assets/ico/apple-touch-icon-114-precomposed.png">
     <link rel="apple-touch-icon-precomposed" sizes="72x72" href="../assets/ico/apple-touch-icon-72-precomposed.png">
     <link rel="apple-touch-icon-precomposed" href="../assets/ico/apple-touch-icon-57-precomposed.png">-->
     <link rel="shortcut icon" href="favicon.ico">

     <!-- Matomo -->
     <script>
         var _paq = window._paq = window._paq || [];
         /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
         _paq.push(['disableCookies']);
         _paq.push(['trackPageView']);
         _paq.push(['enableLinkTracking']);
         (function() {
             var u="//matomo.privacy.apache.org/";
             _paq.push(['setTrackerUrl', u+'matomo.php']);
             _paq.push(['setSiteId', '2']);
             var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
             g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
         })();
     </script>
     <!-- End Matomo Code -->
   </head>
   <body>
     <div id="top-bar"></div>
     <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro" title="Fork me on GitHub">Fork me on GitHub</a>

     <div id="wrap">

       <div class="masthead">
         <p class="lead">
           <a href="index.html"><img src="images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;" alt="Apache Shiro Logo"></a>
           <span class="tagline">Simple. Java. Security.</span>
           <a class="pull-right" href="https://www.apache.org/events/current-event.html">
             <img style="padding-top: 8px" src="https://www.apache.org/events/current-event-125x125.png" alt="Apache Software Foundation Event Banner"/>
           </a>
         </p>
       </div>

 	<!-- Fixed navbar -->
     <nav class="navbar navbar-expand-lg navbar-light bg-light shadow-sm mb-4">
       <div class="container-fluid">
         <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
           <span class="navbar-toggler-icon"></span>
         </button>

         <div class="collapse navbar-collapse" id="navbarSupportedContent">
           <ul class="navbar-nav me-auto mb-2 mb-lg-0">
             <li class="nav-item">
               <a class="nav-link" href="get-started.html">Get Started</a>
             </li>
             <li class="nav-item">
               <a class="nav-link" href="documentation.html">Docs</a>
             </li>

             <li class="nav-item dropdown">
               <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-webapps" role="button" data-bs-toggle="dropdown" aria-expanded="false">
                 Web Apps
               </a>
               <ul class="dropdown-menu" aria-labelledby="navbarDropdown-webapps">
                 <li><a class="dropdown-item" href="web.html">General</a></li>
                 <li><a class="dropdown-item" href="jaxrs.html">JAX-RS</a></li>
                 <li><a class="dropdown-item" href="jakarta-ee.html">Jakarta EE</a></li>
                 <li><hr class="dropdown-divider"></li>
                 <li><a class="dropdown-item" href="web-features.html">Features</a></li>
               </ul>
             </li>

             <li><a class="nav-link" href="features.html">Features</a></li>

             <!-- integrations -->
             <li class="nav-item dropdown">
               <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-integrations" role="button" data-bs-toggle="dropdown" aria-expanded="false">
                 Integrations
               </a>
               <ul class="dropdown-menu" aria-labelledby="navbarDropdown-integrations">
                 <li><a class="dropdown-item" href="spring-boot.html">Spring</a></li>
                 <li><a class="dropdown-item" href="guice.html">Guice</a></li>
                 <li><hr class="dropdown-divider"></li>
                 <li><a class="dropdown-item" href="integration.html">Third-Party Integrations</a></li>
               </ul>
             </li>

             <!-- Community -->
             <li class="nav-item dropdown">
               <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-community" role="button" data-bs-toggle="dropdown" aria-expanded="false">
                 Community
               </a>
               <ul class="dropdown-menu" aria-labelledby="navbarDropdown-community">
                 <li><a class="dropdown-item" href="forums.html">Community Forums</a></li>
                 <li><a class="dropdown-item" href="mailing-lists.html">Mailing Lists</a></li>
                 <li><a class="dropdown-item" href="articles.html">Articles</a></li>
                 <li><a class="dropdown-item" href="news.html">News</a></li>
                 <li><a class="dropdown-item" href="events.html">Events</a></li>
                 <li><hr class="dropdown-divider"></li>
                 <li><a class="dropdown-item" href="community.html">More</a></li>
               </ul>
             </li>

             <!-- About -->
             <li class="nav-item dropdown">
               <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-about" role="button" data-bs-toggle="dropdown" aria-expanded="false">
                 About
               </a>
               <ul class="dropdown-menu" aria-labelledby="navbarDropdown-about">
                 <li><a class="dropdown-item" href="about.html">About</a></li>
                 <li><a class="dropdown-item" href="privacy-policy.html">Privacy Policy</a></li>
                 <li><a class="dropdown-item" href="security-reports.html">Vulnerability Reports</a></li>
               </ul>
             </li>
           </ul>

           <ul class="d-flex justify-content-end navbar-nav mb-2 mb-lg-0">
             <!-- The ASF -->
             <li class="nav-item dropdown">
               <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-asf" role="button" data-bs-toggle="dropdown" aria-expanded="false">
                 Apache Software Foundation
               </a>
               <ul class="dropdown-menu" aria-labelledby="navbarDropdown-asf">
                 <li><a class="dropdown-item" href="https://www.apache.org/">Apache Homepage</a></li>
                 <li><a class="dropdown-item" href="https://www.apache.org/licenses/">License</a></li>
                 <li><a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                 <li><a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
                 <li><a class="dropdown-item" href="https://www.apache.org/security/">Security</a></li>
               </ul>
             </li>
           </ul>
         </div>
       </div>
     </nav>

 	<div class="page-header">
 		<h1>Command Line Hasher</h1>
 	</div>


   <div class="admonitionblock tip">
     <table>
       <tbody>
         <tr>
           <td class="icon">
             <div class="title">Handy Hint</div>
           </td>
           <td class="content">
             <div class="title">Shiro v1 version notice</div>
             <div class="paragraph">
               <p>As of 2024-03-01, Shiro v1 will soon be superseded by v2.<p>
                 <p>
                   <a href="./v2/">Read this page in the v2 documentation</a>.
                 </p>
             </div>
           </td>
         </tr>
       </tbody>
     </table>
   </div>

 <div id="toc" class="toc">
 <div id="toctitle">Table of Contents</div>
 <ul class="sectlevel1">
 <li><a href="#CommandLineHasher-Usage">Usage</a></li>
 <li><a href="#CommandLineHasher-CommonScenarios">Common Scenarios</a>
 <ul class="sectlevel2">
 <li><a href="#CommandLineHasher-shiro"><code>shiro.ini</code> User Passwords</a></li>
 <li><a href="#CommandLineHasher-MD5checksum">MD5 checksum</a></li>
 </ul>
 </li>
 </ul>
 </div>
 <div id="preamble">
 <div class="sectionbody">
 <div class="paragraph">
 <p>Shiro 1.2.0 and later provides a command line program that can hash strings and resources (files, URLs, classpath entries) of almost any type. To use it, you must have a Java Virtual Machine installed and the 'java' command must be accessible in your <code>$PATH</code> environment variable.</p>
 </div>
 <div class="admonitionblock caution">
 <table>
 <tr>
 <td class="icon">
 <i class="fa icon-caution" title="Caution"></i>
 </td>
 <td class="content">
 <div class="paragraph">
 <p>Do not use the hashes provided in the command line hasher 1.x versions anymore!
 They are outdated and all considered insecure!</p>
 </div>
 </td>
 </tr>
 </table>
 </div>
 </div>
 </div>
 <div class="sect1">
 <h2 id="CommandLineHasher-Usage">Usage</h2>
 <div class="sectionbody">
 <div class="paragraph">
 <p>Ensure you have access to the <code>shiro-tools-hasher-2.0.0-cli.jar</code> file.
 You can either find this in a source build in the <em>buildroot</em>`/tools/hasher/target` directory or via download through Maven.</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash"># Use the following to download from Maven Central into
 # ~/.m2/repository/org/apache/shiro/tools/shiro-tools-hasher/2.0.0/shiro-tools-hasher-2.0.0-cli.jar
 $ mvn dependency:get -DgroupId=org.apache.shiro.tools -DartifactId=shiro-tools-hasher -Dclassifier=cli -Dversion=2.0.0</code></pre>
 </div>
 </div>
 <div class="paragraph">
 <p>Once you have access to the jar, you can run the following command:</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ java -jar shiro-tools-hasher-2.0.0-cli.jar</code></pre>
 </div>
 </div>
 <div class="paragraph">
 <p>This will print all available options for both standard (MD5, SHA1) and more complex password hashing scenarios.</p>
 </div>
 </div>
 </div>
 <div class="sect1">
 <h2 id="CommandLineHasher-CommonScenarios">Common Scenarios</h2>
 <div class="sectionbody">
 <div class="paragraph">
 <p>Please read the printed instructions for the above command. It will provide an exhaustive list of instructions which will help you use the hasher depending on your needs. However, we&#8217;ve provided some quick reference usages/scenarios below for convenience.</p>
 </div>
 <div class="sect2 iniUserPasswords">
 <h3 id="CommandLineHasher-shiro"><code>shiro.ini</code> User Passwords</h3>
 <div class="paragraph">
 <p>It is best to keep user passwords in the <code>shiro.ini</code> <code>[users]</code> section secure. To add a new user account line, use the above command with the <code><strong>-p</strong></code> (or <code>--password</code>) option:</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ java -jar shiro-tools-hasher-2.0.0-cli.jar -p</code></pre>
 </div>
 </div>
 <div class="paragraph">
 <p>It will then ask you to enter the password and then confirm it:</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">Password to hash:
 Password to hash (confirm):</code></pre>
 </div>
 </div>
 <div class="paragraph">
 <p>When this command executes, it will print out the securely-salted-iterated-and-hashed password. For example:</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$shiro1$SHA-256$500000$eWpVX2tGX7WCP2J+jMCNqw==$it/NRclMOHrfOvhAEFZ0mxIZRdbcfqIBdwdwdDXW2dM=</code></pre>
 </div>
 </div>
 <div class="paragraph">
 <p>Take this value and place it as the password in the user definition line (followed by any optional roles) as defined in the <a href="/configuration.html#Configuration-INIConfiguration-Sections-users">INI Users Configuration</a> documentation. For example:</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[users]
 ...
 user1 = $shiro1$SHA-256$500000$eWpVX2tGX7WCP2J+jMCNqw==$it/NRclMOHrfOvhAEFZ0mxIZRdbcfqIBdwdwdDXW2dM=</code></pre>
 </div>
 </div>
 <div class="paragraph">
 <p>You will also need to ensure that the implicit <code>iniRealm</code> uses a <code>CredentialsMatcher</code> that knows how to perform secure hashed password comparisons. So configure this in the <code>[main]</code> section as well:</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[main]
 ...
 passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
 iniRealm.credentialsMatcher = $passwordMatcher
 ...</code></pre>
 </div>
 </div>
 </div>
 <div class="sect2">
 <h3 id="CommandLineHasher-MD5checksum">MD5 checksum</h3>
 <div class="paragraph">
 <p>Although you can perform any hash with any algorithm supported on the JVM, the default hashing algorithm is MD5, common for file checksums. Just use the <code><strong>-r</strong></code> (or <code>--resource</code>) option to indicate the following value is a resource location (and not text you wish hashed):</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ java -jar shiro-tools-hasher-X.X.X-cli.jar -r RESOURCE_PATH</code></pre>
 </div>
 </div>
 <div class="paragraph">
 <p>By default <code>RESOURCE_PATH</code> is expected to be a file path, but you may specify classpath or URL resources by using the <code>classpath:</code> or <code>url:</code> prefix respectively.</p>
 </div>
 <div class="paragraph">
 <p>Some examples:</p>
 </div>
 <div class="listingblock">
 <div class="content">
 <pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">&lt;command&gt; -r fileInCurrentDirectory.txt
 &lt;command&gt; -r ../../relativePathFile.xml
 &lt;command&gt; -r ~/documents/myfile.pdf
 &lt;command&gt; -r /usr/local/logs/absolutePathFile.log
 &lt;command&gt; -r url:http://foo.com/page.html &lt;command&gt; -r classpath:/WEB-INF/lib/something.jar</code></pre>
 </div>
 </div>
 </div>
 </div>
 </div>
 	<hr />

 </div>

     <div class="footer-padding"></div>

     <div class="container-fluid pt-2 border-top" id="custom-footer">
       <footer class="row justify-content-between align-items-center">
         <div class=" col-md-5">
           <div class="copyright-footer justify-content-start">
             <a href="https://www.apache.org/foundation/contributing.html">Donate to the ASF</a>&nbsp;|&nbsp;
             <a href="https://www.apache.org/licenses/LICENSE-2.0.html">License</a>&nbsp;
             <p class="text-muted">Copyright &copy; 2008-2024 The Apache Software Foundation</p>
           </div>
         </div>

         <div class="d-flex justify-content-center col-md-1">
           <a class="btn btn-social"><span class="social-icon social-twitter"><i class="bi bi-twitter"></i></span></a>
           <a class="btn btn-social"><span class="social-icon social-facebook"><i class="bi bi-facebook"></i></span></a>
           <a class="btn btn-social"><span class="social-icon social-linkedin"><i class="bi bi-linkedin"></i></span></a>
         </div>

         <div class="d-flex justify-content-end col-md-4" id="editThisPage">
           <input type="hidden" id="ghEditPage" value="https://github.com/apache/shiro-site/edit/main/src/site/content/command-line-hasher.adoc"/>
         </div>

         <div class="d-flex col-md-2 justify-content-end" style="position: relative">
           <div class="footer-shield"></div>
         </div>
       </footer>
     </div>


     <!-- Le javascript
     ================================================== -->
     <!-- Placed at the end of the document so the pages load faster -->
     <script src="js/bootstrap.min.js"></script>
     <script src="highlight.js-11.2.0/highlight.min.js"></script>
     <script src="js/shiro.js"></script>

     <script>
         docReady(
           addPageEditLink()
       );
     </script>
     <script>hljs.highlightAll();</script>

     </body>
 </html>
	<!DOCTYPE html>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE- 2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<html lang="en">
	<head>
	<meta charset="utf-8"/>
	<title>Command Line Hasher \| Apache Shiro</title>
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content='documentation,hashes,command-line,cli,hasher,tool'>
	<meta name="generator" content="JBake">
	<meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw">
	<meta name="google-site-verification" content="ecFap6dWJgS_GCCtxmJQJ_nFYQhM6EgSpBPZDU7xsCE">
	<meta name="google-site-verification" content="gBTYOG8lMfNb_jrWrH3kFbudpEs_WrAJ2lb2-zLRaso"/>
	<meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">

	<meta property="og:title" content="Command Line Hasher \| Apache Shiro"/>
	<meta property="og:type" content="article"/>
	<meta name="twitter:card" content="summary" />
	<meta name="twitter:site" content="@ApacheShiro" />
	<meta property="article:modification_time" content="2010-03-18T00:00:00Z"/>
	<meta property="article:tag" content='documentation'/>
	<meta property="article:tag" content='hashes'/>
	<meta property="article:tag" content='command-line'/>
	<meta property="article:tag" content='cli'/>
	<meta property="article:tag" content='hasher'/>
	<meta property="article:tag" content='tool'/>
	<meta property="og:locale" content="en_US" />
	<meta property="og:url" content='https://shiro.apache.org/command-line-hasher.html'/>
	<meta property="og:image" content='images/shiro-featured-image.png'/>
	<meta property="og:image:width" content='1200'/>
	<meta property="og:image:height" content='628'/>
	<meta property="og:site_name" content="Apache Shiro"/>

	<!-- Le styles -->
	<link href="css/bootstrap.min.css" rel="stylesheet">
	<link href="bootstrap-icons-1.5.0/bootstrap-icons.css" rel="stylesheet">
	<link href="css/asciidoctor.css" rel="stylesheet">
	<link href="css/base.css" rel="stylesheet">
	<link href="highlight.js-11.2.0/styles/default.min.css" rel="stylesheet">
	<link href="css/gh-pages/gh-fork-ribbon.css" rel="stylesheet"/>

	<!-- Fav and touch icons -->
	<!--<link rel="apple-touch-icon-precomposed" sizes="144x144" href="../assets/ico/apple-touch-icon-144-precomposed.png">
	<link rel="apple-touch-icon-precomposed" sizes="114x114" href="../assets/ico/apple-touch-icon-114-precomposed.png">
	<link rel="apple-touch-icon-precomposed" sizes="72x72" href="../assets/ico/apple-touch-icon-72-precomposed.png">
	<link rel="apple-touch-icon-precomposed" href="../assets/ico/apple-touch-icon-57-precomposed.png">-->
	<link rel="shortcut icon" href="favicon.ico">

	<!-- Matomo -->
	<script>
	var _paq = window._paq = window._paq \|\| [];
	/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
	_paq.push(['disableCookies']);
	_paq.push(['trackPageView']);
	_paq.push(['enableLinkTracking']);
	(function() {
	var u="//matomo.privacy.apache.org/";
	_paq.push(['setTrackerUrl', u+'matomo.php']);
	_paq.push(['setSiteId', '2']);
	var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
	g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
	})();
	</script>
	<!-- End Matomo Code -->
	</head>
	<body>
	<div id="top-bar"></div>
	<a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro" title="Fork me on GitHub">Fork me on GitHub</a>

	<div id="wrap">

	<div class="masthead">
	<p class="lead">
	<a href="index.html"><img src="images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;" alt="Apache Shiro Logo"></a>
	<span class="tagline">Simple. Java. Security.</span>
	<a class="pull-right" href="https://www.apache.org/events/current-event.html">
	<img style="padding-top: 8px" src="https://www.apache.org/events/current-event-125x125.png" alt="Apache Software Foundation Event Banner"/>
	</a>
	</p>
	</div>

	<!-- Fixed navbar -->
	<nav class="navbar navbar-expand-lg navbar-light bg-light shadow-sm mb-4">
	<div class="container-fluid">
	<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
	<span class="navbar-toggler-icon"></span>
	</button>

	<div class="collapse navbar-collapse" id="navbarSupportedContent">
	<ul class="navbar-nav me-auto mb-2 mb-lg-0">
	<li class="nav-item">
	<a class="nav-link" href="get-started.html">Get Started</a>
	</li>
	<li class="nav-item">
	<a class="nav-link" href="documentation.html">Docs</a>
	</li>

	<li class="nav-item dropdown">
	<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-webapps" role="button" data-bs-toggle="dropdown" aria-expanded="false">
	Web Apps
	</a>
	<ul class="dropdown-menu" aria-labelledby="navbarDropdown-webapps">
	<li><a class="dropdown-item" href="web.html">General</a></li>
	<li><a class="dropdown-item" href="jaxrs.html">JAX-RS</a></li>
	<li><a class="dropdown-item" href="jakarta-ee.html">Jakarta EE</a></li>
	<li><hr class="dropdown-divider"></li>
	<li><a class="dropdown-item" href="web-features.html">Features</a></li>
	</ul>
	</li>

	<li><a class="nav-link" href="features.html">Features</a></li>

	<!-- integrations -->
	<li class="nav-item dropdown">
	<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-integrations" role="button" data-bs-toggle="dropdown" aria-expanded="false">
	Integrations
	</a>
	<ul class="dropdown-menu" aria-labelledby="navbarDropdown-integrations">
	<li><a class="dropdown-item" href="spring-boot.html">Spring</a></li>
	<li><a class="dropdown-item" href="guice.html">Guice</a></li>
	<li><hr class="dropdown-divider"></li>
	<li><a class="dropdown-item" href="integration.html">Third-Party Integrations</a></li>
	</ul>
	</li>

	<!-- Community -->
	<li class="nav-item dropdown">
	<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-community" role="button" data-bs-toggle="dropdown" aria-expanded="false">
	Community
	</a>
	<ul class="dropdown-menu" aria-labelledby="navbarDropdown-community">
	<li><a class="dropdown-item" href="forums.html">Community Forums</a></li>
	<li><a class="dropdown-item" href="mailing-lists.html">Mailing Lists</a></li>
	<li><a class="dropdown-item" href="articles.html">Articles</a></li>
	<li><a class="dropdown-item" href="news.html">News</a></li>
	<li><a class="dropdown-item" href="events.html">Events</a></li>
	<li><hr class="dropdown-divider"></li>
	<li><a class="dropdown-item" href="community.html">More</a></li>
	</ul>
	</li>

	<!-- About -->
	<li class="nav-item dropdown">
	<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-about" role="button" data-bs-toggle="dropdown" aria-expanded="false">
	About
	</a>
	<ul class="dropdown-menu" aria-labelledby="navbarDropdown-about">
	<li><a class="dropdown-item" href="about.html">About</a></li>
	<li><a class="dropdown-item" href="privacy-policy.html">Privacy Policy</a></li>
	<li><a class="dropdown-item" href="security-reports.html">Vulnerability Reports</a></li>
	</ul>
	</li>
	</ul>

	<ul class="d-flex justify-content-end navbar-nav mb-2 mb-lg-0">
	<!-- The ASF -->
	<li class="nav-item dropdown">
	<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-asf" role="button" data-bs-toggle="dropdown" aria-expanded="false">
	Apache Software Foundation
	</a>
	<ul class="dropdown-menu" aria-labelledby="navbarDropdown-asf">
	<li><a class="dropdown-item" href="https://www.apache.org/">Apache Homepage</a></li>
	<li><a class="dropdown-item" href="https://www.apache.org/licenses/">License</a></li>
	<li><a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
	<li><a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
	<li><a class="dropdown-item" href="https://www.apache.org/security/">Security</a></li>
	</ul>
	</li>
	</ul>
	</div>
	</div>
	</nav>

	<div class="page-header">
	<h1>Command Line Hasher</h1>
	</div>


	<div class="admonitionblock tip">
	<table>
	<tbody>
	<tr>
	<td class="icon">
	<div class="title">Handy Hint</div>
	</td>
	<td class="content">
	<div class="title">Shiro v1 version notice</div>
	<div class="paragraph">
	<p>As of 2024-03-01, Shiro v1 will soon be superseded by v2.<p>
	<p>
	<a href="./v2/">Read this page in the v2 documentation</a>.
	</p>
	</div>
	</td>
	</tr>
	</tbody>
	</table>
	</div>

	<div id="toc" class="toc">
	<div id="toctitle">Table of Contents</div>
	<ul class="sectlevel1">
	<li><a href="#CommandLineHasher-Usage">Usage</a></li>
	<li><a href="#CommandLineHasher-CommonScenarios">Common Scenarios</a>
	<ul class="sectlevel2">
	<li><a href="#CommandLineHasher-shiro"><code>shiro.ini</code> User Passwords</a></li>
	<li><a href="#CommandLineHasher-MD5checksum">MD5 checksum</a></li>
	</ul>
	</li>
	</ul>
	</div>
	<div id="preamble">
	<div class="sectionbody">
	<div class="paragraph">
	<p>Shiro 1.2.0 and later provides a command line program that can hash strings and resources (files, URLs, classpath entries) of almost any type. To use it, you must have a Java Virtual Machine installed and the 'java' command must be accessible in your <code>$PATH</code> environment variable.</p>
	</div>
	<div class="admonitionblock caution">
	<table>
	<tr>
	<td class="icon">
	<i class="fa icon-caution" title="Caution"></i>
	</td>
	<td class="content">
	<div class="paragraph">
	<p>Do not use the hashes provided in the command line hasher 1.x versions anymore!
	They are outdated and all considered insecure!</p>
	</div>
	</td>
	</tr>
	</table>
	</div>
	</div>
	</div>
	<div class="sect1">
	<h2 id="CommandLineHasher-Usage">Usage</h2>
	<div class="sectionbody">
	<div class="paragraph">
	<p>Ensure you have access to the <code>shiro-tools-hasher-2.0.0-cli.jar</code> file.
	You can either find this in a source build in the <em>buildroot</em>`/tools/hasher/target` directory or via download through Maven.</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash"># Use the following to download from Maven Central into
	# ~/.m2/repository/org/apache/shiro/tools/shiro-tools-hasher/2.0.0/shiro-tools-hasher-2.0.0-cli.jar
	$ mvn dependency:get -DgroupId=org.apache.shiro.tools -DartifactId=shiro-tools-hasher -Dclassifier=cli -Dversion=2.0.0</code></pre>
	</div>
	</div>
	<div class="paragraph">
	<p>Once you have access to the jar, you can run the following command:</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ java -jar shiro-tools-hasher-2.0.0-cli.jar</code></pre>
	</div>
	</div>
	<div class="paragraph">
	<p>This will print all available options for both standard (MD5, SHA1) and more complex password hashing scenarios.</p>
	</div>
	</div>
	</div>
	<div class="sect1">
	<h2 id="CommandLineHasher-CommonScenarios">Common Scenarios</h2>
	<div class="sectionbody">
	<div class="paragraph">
	<p>Please read the printed instructions for the above command. It will provide an exhaustive list of instructions which will help you use the hasher depending on your needs. However, we’ve provided some quick reference usages/scenarios below for convenience.</p>
	</div>
	<div class="sect2 iniUserPasswords">
	<h3 id="CommandLineHasher-shiro"><code>shiro.ini</code> User Passwords</h3>
	<div class="paragraph">
	<p>It is best to keep user passwords in the <code>shiro.ini</code> <code>[users]</code> section secure. To add a new user account line, use the above command with the <code><strong>-p</strong></code> (or <code>--password</code>) option:</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ java -jar shiro-tools-hasher-2.0.0-cli.jar -p</code></pre>
	</div>
	</div>
	<div class="paragraph">
	<p>It will then ask you to enter the password and then confirm it:</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">Password to hash:
	Password to hash (confirm):</code></pre>
	</div>
	</div>
	<div class="paragraph">
	<p>When this command executes, it will print out the securely-salted-iterated-and-hashed password. For example:</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$shiro1$SHA-256$500000$eWpVX2tGX7WCP2J+jMCNqw==$it/NRclMOHrfOvhAEFZ0mxIZRdbcfqIBdwdwdDXW2dM=</code></pre>
	</div>
	</div>
	<div class="paragraph">
	<p>Take this value and place it as the password in the user definition line (followed by any optional roles) as defined in the <a href="/configuration.html#Configuration-INIConfiguration-Sections-users">INI Users Configuration</a> documentation. For example:</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[users]
	...
	user1 = $shiro1$SHA-256$500000$eWpVX2tGX7WCP2J+jMCNqw==$it/NRclMOHrfOvhAEFZ0mxIZRdbcfqIBdwdwdDXW2dM=</code></pre>
	</div>
	</div>
	<div class="paragraph">
	<p>You will also need to ensure that the implicit <code>iniRealm</code> uses a <code>CredentialsMatcher</code> that knows how to perform secure hashed password comparisons. So configure this in the <code>[main]</code> section as well:</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[main]
	...
	passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
	iniRealm.credentialsMatcher = $passwordMatcher
	...</code></pre>
	</div>
	</div>
	</div>
	<div class="sect2">
	<h3 id="CommandLineHasher-MD5checksum">MD5 checksum</h3>
	<div class="paragraph">
	<p>Although you can perform any hash with any algorithm supported on the JVM, the default hashing algorithm is MD5, common for file checksums. Just use the <code><strong>-r</strong></code> (or <code>--resource</code>) option to indicate the following value is a resource location (and not text you wish hashed):</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ java -jar shiro-tools-hasher-X.X.X-cli.jar -r RESOURCE_PATH</code></pre>
	</div>
	</div>
	<div class="paragraph">
	<p>By default <code>RESOURCE_PATH</code> is expected to be a file path, but you may specify classpath or URL resources by using the <code>classpath:</code> or <code>url:</code> prefix respectively.</p>
	</div>
	<div class="paragraph">
	<p>Some examples:</p>
	</div>
	<div class="listingblock">
	<div class="content">
	<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash"><command> -r fileInCurrentDirectory.txt
	<command> -r ../../relativePathFile.xml
	<command> -r ~/documents/myfile.pdf
	<command> -r /usr/local/logs/absolutePathFile.log
	<command> -r url:http://foo.com/page.html <command> -r classpath:/WEB-INF/lib/something.jar</code></pre>
	</div>
	</div>
	</div>
	</div>
	</div>
	<hr />

	</div>

	<div class="footer-padding"></div>

	<div class="container-fluid pt-2 border-top" id="custom-footer">
	<footer class="row justify-content-between align-items-center">
	<div class=" col-md-5">
	<div class="copyright-footer justify-content-start">
	<a href="https://www.apache.org/foundation/contributing.html">Donate to the ASF</a> \|
	<a href="https://www.apache.org/licenses/LICENSE-2.0.html">License</a>
	<p class="text-muted">Copyright © 2008-2024 The Apache Software Foundation</p>
	</div>
	</div>

	<div class="d-flex justify-content-center col-md-1">
	<a class="btn btn-social"><span class="social-icon social-twitter"><i class="bi bi-twitter"></i></span></a>
	<a class="btn btn-social"><span class="social-icon social-facebook"><i class="bi bi-facebook"></i></span></a>
	<a class="btn btn-social"><span class="social-icon social-linkedin"><i class="bi bi-linkedin"></i></span></a>
	</div>

	<div class="d-flex justify-content-end col-md-4" id="editThisPage">
	<input type="hidden" id="ghEditPage" value="https://github.com/apache/shiro-site/edit/main/src/site/content/command-line-hasher.adoc"/>
	</div>

	<div class="d-flex col-md-2 justify-content-end" style="position: relative">
	<div class="footer-shield"></div>
	</div>
	</footer>
	</div>


	<!-- Le javascript
	================================================== -->
	<!-- Placed at the end of the document so the pages load faster -->
	<script src="js/bootstrap.min.js"></script>
	<script src="highlight.js-11.2.0/highlight.min.js"></script>
	<script src="js/shiro.js"></script>

	<script>
	docReady(
	addPageEditLink()
	);
	</script>
	<script>hljs.highlightAll();</script>

	</body>
	</html>