I was looking at a new specification W3C SRI (Subresource Integrity) , which roughly means Sub-feature integrity that promises to bring more security to features hosted on third-party (or in-house) servers already in use by BootstrapCDN , CloudFlare , < GitHub and jQuery although it is still new and does not have a wide implementation by browsers.
Basically the new specification adds the tag script
two new attributes:
- integrity : Contains the% cryptographic% of the file
- crossorigin : by default "anonymous"
The (simplistic) documentation describes the use of hash
via the command line to create OpenSSL
:
Command line statement to generate hash
openssl dgst -sha384 -binary FILENAME.js | openssl base64 -A
My question is: how do I use the hash
functions of openssl
to get the same result (generate a hash of a file)?
References:
- SRI Hash Generator : online tool
- W3C Subresource Integrity : Specification
- caniuse.com : support
- Mozilla Docs : documentation
- Mozila Hacks : article