SHA-1 : Java Glossary


SHA-1 (Secure Hash Algorithm 1) is a message-digest algorithm developed by NIST (National Institute of Standards and Technology) and NSA (National Security Agency). SHA-1 produces an 160-bit (20 byte) message digest used for creating unforgeable digital signatures. The algorithm is slower than MD5 (Message Digest algorithm 5) but the message digest is larger, which makes it more resistant to brute force attacks, which choose messages at random in an attempt to generate the same message digest. SHA-1 is also used to digitally sign jar files. PGP (Pretty Good Privacy) uses SHA-1 for digitally signing email. You compute it using a MesssageDigest object created  Note that SHA-1 involves no private or public key. The algorithm for computing it is completely public. It represents a summary of an entire file or message. Only that summary needs to be digitally signed/encrypted, not the entire file. SHA-1 now has higher strength brothers, SHA-256, SHA-384, and SHA-512 for 256, 384 and 512-bit digests respectively. SHA-0 is also 160 bits and is an obsolete first attempt, quickly replaced by SHA-1

A SHA-1 digest looks like an byte[20] of apparently random bytes, though they are completely repeatable. You need to armour it if you want to make it printable for transporting in an email, for example. The SHA-1 digests that you see in the manifest of a Sun-style digitally signed jar file are base64 encoded.

SHA-1 is a trap-door, one-way function. You can easily compute the SHA-1 digest of a document, but you can’t go backwards and compose a document with a given digest. SHA-1 is not an encryption method.

Sizes of SHA Digests
Name Bits Bytes Hex
SHA-1 160 20 40
SHA-256 256 32 64
SHA-384 384 48 96
SHA-512 512 64 128

Learning More

Oracle’s Javadoc on MessageDigest/SHA-1 : available:

This page is posted
on the web at:

Optional Replicator mirror
on local hard disk J:

Canadian Mind Products
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

Your face IP:[]
You are visitor number