shiro-tools-hasher man page

shiro-tools-hasher — Print a cryptographic hash (aka message digest) of the specified <value>.


usage: shiro-tools-hasher [OPTIONS...] [VALUE...]



The following options are understood:

-a,--algorithm <name>

hash algorithm name. Defaults to SHA-256 when password hashing, MD5 otherwise.


show additional error (stack trace) information.

-f,--format <arg>

hash output format. Defaults to 'shiro1' when password hashing, 'hex' otherwise.


generate and use a random salt. Defaults to true when password hashing, false otherwise.

-gss,--gensaltsize <numBits>

the number of salt bits (not bytes!) to generate. Defaults to 128.


Show this help string

-i,--iterations <num>

number of hash iterations. Defaults to 500000 when password hashing, 1 otherwise.


do NOT generate and use a random salt (valid during password hashing).


hash a password (disable typing echo)


hash a password (disable typing echo) but disable password confirmation prompt.


read and hash the resource located at <value>

-s,--salt <sval>

use the specified salt. <arg> is plaintext.

-sb,--saltbytes <encTxt>

use the specified salt bytes. <arg> is hex or base64 encoded text.


<value> is optional only when hashing passwords. It is

required all other times.

Password Hashing


Specify the -p/--password option and DO NOT enter a <value>. You will

be prompted for a password and characters will not echo as you type.



Specifying a salt:

You may specify a salt using the -s/--salt option followed by the salt

value. If the salt value is a base64 or hex string representing a

byte array, you must specify the -sb/--saltbytes option to indicate this,

otherwise the text value bytes will be used directly.

When using -sb/--saltbytes, the -s/--salt value is expected to be a

base64-encoded string by default. If the value is a hex-encoded string,

you must prefix the string with 0x (zero x) to indicate a hex value.

Generating a salt:

Use the -sg/--saltgenerated option if you don't want to specify a salt,

but want a strong random salt to be generated and used during hashing.

The generated salt size defaults to 128 bits. You may specify

a different size by using the -sgs/--saltgeneratedsize option followed by

a positive integer (size is in bits, not bytes).

Because a salt must be specified if computing the

hash later, generated salts will be printed, defaulting to base64

encoding. If you prefer to use hex encoding, additionally use the

-sgh/--saltgeneratedhex option.

Files, Urls and Classpath Resources


If using the -r/--resource option, the <value> represents a resource path.

By default this is expected to be a file path, but you may specify

classpath or URL resources by using the classpath: or url: prefix


Some examples:

<command> -r fileInCurrentDirectory.txt

<command> -r ../../relativePathFile.xml

<command> -r ~/documents/myfile.pdf

<command> -r /usr/local/logs/absolutePathFile.log

<command> -r url:http://foo.com/page.html

<command> -r classpath:/WEB-INF/lib/something.jar

Output Format


Specify the -f/--format option followed by either 1) the format ID (as defined

by the org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory

JavaDoc) or 2) the fully qualified org.apache.shiro.crypto.hash.format.HashFormat

implementation class name to instantiate and use for formatting.

The default output format is 'shiro1' which is a Modular Crypt Format (MCF)

that shows all relevant information as a dollar-sign ($) delimited string.

This format is ideal for use in Shiro's text-based user configuration (e.g.

shiro.ini or a properties file).


shiro-tools-hasher 09/14/2016