docker: Index | Files

package digest

import ""

Package digest provides a generalized type to opaquely represent message digests and their operations within the registry. The Digest type is designed to serve as a flexible identifier in a content-addressable system. More importantly, it provides tools and wrappers to work with hash.Hash-based digests with little effort.


The format of a digest is simply a string with two parts, dubbed the "algorithm" and the "digest", separated by a colon:


An example of a sha256 digest representation follows:


The "algorithm" portion defines both the hashing algorithm used to calculate the digest and the encoding of the resulting digest, which defaults to "hex" if not otherwise specified. Currently, all supported algorithms have their digests encoded in hex strings.

In the example above, the string "sha256" is the algorithm and the hex bytes are the "digest".

Because the Digest type is simply a string, once a valid Digest is obtained, comparisons are cheap, quick and simple to express with the standard equality operator.


The main benefit of using the Digest type is simple verification against a given digest. The Verifier interface, modeled after the stdlib hash.Hash interface, provides a common write sink for digest verification. After writing is complete, calling the Verifier.Verified method will indicate whether or not the stream of bytes matches the target digest.

Missing Features

In addition to the above, we intend to add the following features to this package:

1. A Digester type that supports write sink digest calculation.

2. Suspend and resume of ongoing digest calculations to support efficient digest verification in the registry.


Package Files

algorithm.go digest.go digester.go doc.go verifiers.go


var (
    // ErrDigestInvalidFormat returned when digest format invalid.
    ErrDigestInvalidFormat = fmt.Errorf("invalid checksum digest format")

    // ErrDigestInvalidLength returned when digest has invalid length.
    ErrDigestInvalidLength = fmt.Errorf("invalid checksum digest length")

    // ErrDigestUnsupported returned when the digest algorithm is unsupported.
    ErrDigestUnsupported = fmt.Errorf("unsupported digest algorithm")
var DigestRegexp = regexp.MustCompile(`[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+`)

DigestRegexp matches valid digest types.

var DigestRegexpAnchored = regexp.MustCompile(`^` + DigestRegexp.String() + `$`)

DigestRegexpAnchored matches valid digest types, anchored to the start and end of the match.

type Algorithm Uses

type Algorithm string

Algorithm identifies and implementation of a digester by an identifier. Note the that this defines both the hash algorithm used and the string encoding.

const (
    SHA256 Algorithm = "sha256" // sha256 with hex encoding (lower case only)
    SHA384 Algorithm = "sha384" // sha384 with hex encoding (lower case only)
    SHA512 Algorithm = "sha512" // sha512 with hex encoding (lower case only)

    // Canonical is the primary digest algorithm used with the distribution
    // project. Other digests may be used but this one is the primary storage
    // digest.
    Canonical = SHA256

supported digest types

func (Algorithm) Available Uses

func (a Algorithm) Available() bool

Available returns true if the digest type is available for use. If this returns false, Digester and Hash will return nil.

func (Algorithm) Digester Uses

func (a Algorithm) Digester() Digester

Digester returns a new digester for the specified algorithm. If the algorithm does not have a digester implementation, nil will be returned. This can be checked by calling Available before calling Digester.

func (Algorithm) Encode Uses

func (a Algorithm) Encode(d []byte) string

Encode encodes the raw bytes of a digest, typically from a hash.Hash, into the encoded portion of the digest.

func (Algorithm) FromBytes Uses

func (a Algorithm) FromBytes(p []byte) Digest

FromBytes digests the input and returns a Digest.

func (Algorithm) FromReader Uses

func (a Algorithm) FromReader(rd io.Reader) (Digest, error)

FromReader returns the digest of the reader using the algorithm.

func (Algorithm) FromString Uses

func (a Algorithm) FromString(s string) Digest

FromString digests the string input and returns a Digest.

func (Algorithm) Hash Uses

func (a Algorithm) Hash() hash.Hash

Hash returns a new hash as used by the algorithm. If not available, the method will panic. Check Algorithm.Available() before calling.

func (*Algorithm) Set Uses

func (a *Algorithm) Set(value string) error

Set implemented to allow use of Algorithm as a command line flag.

func (Algorithm) Size Uses

func (a Algorithm) Size() int

Size returns number of bytes returned by the hash.

func (Algorithm) String Uses

func (a Algorithm) String() string

func (Algorithm) Validate Uses

func (a Algorithm) Validate(encoded string) error

Validate validates the encoded portion string

type Digest Uses

type Digest string

Digest allows simple protection of hex formatted digest strings, prefixed by their algorithm. Strings of type Digest have some guarantee of being in the correct format and it provides quick access to the components of a digest string.

The following is an example of the contents of Digest types:


This allows to abstract the digest behind this type and work only in those terms.

func FromBytes Uses

func FromBytes(p []byte) Digest

FromBytes digests the input and returns a Digest.

func FromReader Uses

func FromReader(rd io.Reader) (Digest, error)

FromReader consumes the content of rd until io.EOF, returning canonical digest.

func FromString Uses

func FromString(s string) Digest

FromString digests the input and returns a Digest.

func NewDigest Uses

func NewDigest(alg Algorithm, h hash.Hash) Digest

NewDigest returns a Digest from alg and a hash.Hash object.

func NewDigestFromBytes Uses

func NewDigestFromBytes(alg Algorithm, p []byte) Digest

NewDigestFromBytes returns a new digest from the byte contents of p. Typically, this can come from hash.Hash.Sum(...) or xxx.SumXXX(...) functions. This is also useful for rebuilding digests from binary serializations.

func NewDigestFromEncoded Uses

func NewDigestFromEncoded(alg Algorithm, encoded string) Digest

NewDigestFromEncoded returns a Digest from alg and the encoded digest.

func NewDigestFromHex Uses

func NewDigestFromHex(alg, hex string) Digest

NewDigestFromHex is deprecated. Please use NewDigestFromEncoded.

func Parse Uses

func Parse(s string) (Digest, error)

Parse parses s and returns the validated digest object. An error will be returned if the format is invalid.

func (Digest) Algorithm Uses

func (d Digest) Algorithm() Algorithm

Algorithm returns the algorithm portion of the digest. This will panic if the underlying digest is not in a valid format.

func (Digest) Encoded Uses

func (d Digest) Encoded() string

Encoded returns the encoded portion of the digest. This will panic if the underlying digest is not in a valid format.

func (Digest) Hex Uses

func (d Digest) Hex() string

Hex is deprecated. Please use Digest.Encoded.

func (Digest) String Uses

func (d Digest) String() string

func (Digest) Validate Uses

func (d Digest) Validate() error

Validate checks that the contents of d is a valid digest, returning an error if not.

func (Digest) Verifier Uses

func (d Digest) Verifier() Verifier

Verifier returns a writer object that can be used to verify a stream of content against the digest. If the digest is invalid, the method will panic.

type Digester Uses

type Digester interface {
    Hash() hash.Hash // provides direct access to underlying hash instance.
    Digest() Digest

Digester calculates the digest of written data. Writes should go directly to the return value of Hash, while calling Digest will return the current value of the digest.

type Verifier Uses

type Verifier interface {

    // Verified will return true if the content written to Verifier matches
    // the digest.
    Verified() bool

Verifier presents a general verification interface to be used with message digests and other byte stream verifications. Users instantiate a Verifier from one of the various methods, write the data under test to it then check the result with the Verified method.

Package digest imports 6 packages (graph). Updated 2020-10-28. Refresh now. Tools for package owners.