Javascript::SHA1 - Calculate the SHA1 digest of a CGI form field


This is a complete, runnable, tested program.


        use strict;
        use warnings;

        use CGI;
        use Javascript::SHA1;

        # ------------------

        my($q)  = CGI -> new();
        my($p)  = $q -> param('my_password') || '';
        my($js) = Javascript::SHA1 -> new();

        # $p comes straight from the request, so HTML-escape it before echoing it.

        print $q -> header(),
                $q -> start_html({script => $js -> javascript('my_password'), title => 'Javascript::SHA1'}),
                $q -> h1({align => 'center'}, 'Javascript::SHA1'),
                'Previous value: ' . $q -> escapeHTML($p),
                $q -> br(),
                $q -> start_form({action => $q -> url(), name => 'SHA1'}),
                'Username: ',
                $q -> textfield({name => 'my_username', size => 50}),
                $q -> br(),
                'Password: ',
                $q -> password_field({name => 'my_password', size => 50}),
                $q -> br(),
                'Generate str2hex_sha1: ',
                $q -> submit({onClick => 'return str2hex_sha1()'}),
                $q -> end_form(),
                $q -> end_html();


Javascript::SHA1 is a pure Perl module.

This module allows you to convert user input, e.g. a password, into the SHA1 digest of that input.

This means the password itself need never be transmitted across the network - only the SHA1 digest need be transmitted.


This module is available both as a Unix-style distro (*.tgz) and an ActiveState-style distro (*.ppd). The latter is shipped in a *.zip file.

See for details.

See for help on unpacking and installing each type of distro.

Constructor and initialization

new(...) returns a Javascript::SHA1 object.

This is the class's constructor.

Usage: Javascript::SHA1 -> new().

new() does not take any parameters.

Method: javascript([$name_of_CGI_password_field][, $number_of_CGI_form])

Returns a block of Javascript which you must output as part of your HTML page.

Takes 2 optional parameters:

The name of the CGI field used to input the password

This field name defaults to 'password'.

The number of the CGI form within the HTML page

This field value defaults to 0, which is the first form on the page.

See the Synopsis for one way to do this.

Note: if you pass just 1 parameter, it is assumed to be the name of a field.

Submitting a CGI Form

To disable this module, simply use a submit button of the form:

        $q -> submit();

To enable the module, use a submit button with an onClick event handler that calls a Javascript function which converts your CGI password field's value into the SHA1 digest of that value. Use one of:

        $q -> submit({onClick => 'return str2hex_sha1()'});

Returns a string of length 40.

        $q -> submit({onClick => 'return str2b64_sha1()'});

Returns a string of length 27.

        $q -> submit({onClick => 'return str2str_sha1()'});

Returns a string of length 20 (approx :-).
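
A server-side check for the two text encodings listed above, as an added example that is not part of Javascript::SHA1 or its distro: the script receives the digest rather than the password, so the digest is the value it has to validate and compare. The stored reference digest, the function names normalise_sha1_field and digests_match, and the unpadded standard base64 alphabet are assumptions; the 20-character str2str_sha1() form is not handled.

```perl
use strict;
use warnings;

use Digest::SHA qw(sha1_hex sha1_base64);
use MIME::Base64 qw(decode_base64);

# Return the submitted digest as lowercase hex, or nothing if the value is
# not a well-formed SHA1 digest in the hex or base64 text encoding.
sub normalise_sha1_field
{
    my($value) = @_;

    return if (! defined $value);

    # str2hex_sha1(): exactly 40 hex digits.
    return lc $value if ($value =~ /\A[0-9A-Fa-f]{40}\z/);

    # str2b64_sha1(): exactly 27 characters. Assumption: standard base64
    # alphabet with the '=' padding dropped, so restore it before decoding.
    if ($value =~ m{\A[A-Za-z0-9+/]{27}\z})
    {
        my($raw) = decode_base64($value . '=');
        return unpack('H*', $raw) if (length($raw) == 20);
    }

    return;
}

# Compare two hex digests without stopping at the first differing character.
sub digests_match
{
    my($x, $y) = @_;
    return 0 if (! defined $x || ! defined $y || length($x) != length($y));
    my($diff) = 0;
    $diff |= ord(substr($x, $_, 1) ) ^ ord(substr($y, $_, 1) ) for (0 .. length($x) - 1);

    return $diff == 0 ? 1 : 0;
}

# Constructed sample data: a reference digest and three submitted values.
my($stored) = sha1_hex('constructed-sample-password');
my(%sample) = (hex => $stored, b64 => sha1_base64('constructed-sample-password'), bad => 'x' x 40);

for my $name (sort keys %sample)
{
    my($hex) = normalise_sha1_field($sample{$name});
    print "$name: ", (digests_match($hex, $stored) ? 'match' : 'rejected'), "\n";
}
```
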

Example code

See the examples/ directory in the distro.

There is 1 demo file, sha1.cgi.

This is a CGI script identical to the one in the synopsis.

Edit it to suit your circumstances.

Related Modules



Javascript::SHA1 was written by Ron Savage <> in 2004.

Home page:


Australian copyright (c) 2004, Ron Savage. All Programs of mine are 'OSI Certified Open Source Software'; you can redistribute them and/or modify them under the terms of The Artistic License, a copy of which is available at: