Digest::SRI - Calculate and verify Subresource Integrity hashes (SRI)
    use Digest::SRI qw/sri verify_sri/;
    
    print sri($filename), "\n";          # current default: SHA-512
    print sri($filehandle), "\n";
    print sri(\$string), "\n";
    print sri("SHA-256", $data), "\n";   # SHA-256, SHA-384, or SHA-512
    
    die "SRI mismatch" unless verify_sri('sha256-...base64...', $data);
    
    my $sri = Digest::SRI->new("SHA-256");
    $sri->addfilename($filename);
    $sri->addfile($filehandle);
    $sri->add($string);
    print $sri->sri, "\n";
    
    my $sri = Digest::SRI->new("sha256-...base64...");
    $sri->add...(...);
    die "SRI mismatch" unless $sri->verify;
This module provides functions to calculate and verify Subresource Integrity hashes (SRI). All of the usage is shown in the "Synopsis", with some usage notes here:
The sri and verify_sri functions both accept either:
- a filename as a plain scalar,
- a filehandle as a reference to a glob, or
- a string of data as a reference to a scalar.
The constructor new accepts either:
- no argument, which will use the "strongest" hashing algorithm (currently SHA-512),
- "SHA-256", "SHA-384", or "SHA-512" (or variants thereof, such as "sha512") to specify those algorithms, or
- a string representing a Subresource Integrity hash, which is to be used for later verification with ->verify.
Some other hashing algorithms, such as "MD5", are currently accepted, but known-weak hashing algorithms are not recommended by the W3C spec and they may be rejected by browsers.
->sri and ->verify are destructive operations, meaning the state of the underlying Digest object will be reset once you call one of these methods.
The other methods provided by the Digest family of modules, such as clone, are also provided by this module.
Differences in Base64 padding (=) are currently ignored on verification, but future versions of this module may add warnings if this is deemed necessary.
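The usage notes above, worked through in one script. This is an added example, not code from the module or its author: verify_pinned is a hypothetical policy helper, the sample strings and the md5 value are constructed, and it assumes that clone returns an independent Digest::SRI object and that the object can be reused after its reset.

```perl
use strict;
use warnings;
use Digest::SRI qw/sri verify_sri/;

# Constructed sample data; scalar references mark it as data, not a filename.
my $asset    = "console.log('hello');\n";
my $tampered = $asset . "console.log('extra line');\n";

# Hypothetical policy helper (not part of Digest::SRI): the module accepts
# weak algorithms such as MD5, so allow only SHA-256/384/512 pins here.
sub verify_pinned {
    my ($pin, $data_ref) = @_;
    $pin =~ m{\Asha(?:256|384|512)-[A-Za-z0-9+/]+={0,2}\z}
        or die "unsupported algorithm or malformed integrity value\n";
    return verify_sri($pin, $data_ref) ? 1 : 0;
}

my $pin = sri(\$asset);                 # default algorithm, SHA-512
(my $unpadded = $pin) =~ s/=+\z//;      # same hash without Base64 padding

print "original: ", (verify_pinned($pin, \$asset)      ? "ok" : "MISMATCH"), "\n";
print "tampered: ", (verify_pinned($pin, \$tampered)   ? "ok" : "MISMATCH"), "\n";
print "unpadded: ", (verify_pinned($unpadded, \$asset) ? "ok" : "MISMATCH"), "\n";

# Constructed placeholder value, rejected by the helper before any hashing.
my $ok = eval { verify_pinned('md5-CONSTRUCTEDPLACEHOLDER==', \$asset) };
print "md5 pin:  ", (defined $ok ? "accepted\n" : "rejected: $@");

# ->sri resets the object, so take intermediate values from a clone.
my $d = Digest::SRI->new("SHA-256");
$d->add("part one, ");
my $partial = $d->clone->sri;           # $d keeps its accumulated state
$d->add("part two");
my $full  = $d->sri;                    # $d is reset by this call
my $empty = $d->sri;                    # hash of no data, not of the two parts
print "partial differs from full: ", ($partial ne $full ? "yes" : "no"), "\n";
print "second ->sri differs:      ", ($full ne $empty ? "yes" : "no"), "\n";
```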
This documentation describes version 0.02 of this module.
Copyright (c) 2018 Hauke Daempfling (email@example.com) at the Leibniz Institute of Freshwater Ecology and Inland Fisheries (IGB), Berlin, Germany, http://www.igb-berlin.de/
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.