Monday, May 21, 2012

Understanding Image SHA-256 Hash Values in PHP with the ImageMagick Package

The getImageSignature function returns the SHA-256 hash value, which is 256 bits (or 32 bytes) in length.  SHA-256 is part of the SHA-2 set of cryptographic hash functions designed by the NSA, which also includes SHA-224, SHA-384, and SHA-512.  According to Wikipedia, there are some security flaws in it similar to the set of SHA-1 hash functions, which should be fixed with SHA-3, eventually.  Unlike MD5 or the SHA-1 set of cryptographic functions, SHA-2 has had no collisions discovered yet (a collision is an incident where two different pieces of data result in the same hash value from the hashing function).  For the time being, it seems to be the most efficient method for creating a small (32-byte), uniquely-identifiable, generally-secure value for either a file or a piece of data.

Some sample code :

<?php

            // Author: holdoffhunger@gmail.com
   
        // Imagick Type
        // ---------------------------------------------

    $imagick_type = new Imagick();
   
        // Open File
        // ---------------------------------------------
       
    $file_to_grab = "image_workshop_directory/test.bmp";
   
    $file_handle_for_viewing_image_file = fopen($file_to_grab, 'a+');
   
        // Grab File
        // ---------------------------------------------

    $imagick_type->readImageFile($file_handle_for_viewing_image_file);
   
        // Get Image SHA-256 Signature / Hash Value
        // ---------------------------------------------
       
    $imagick_type_signature = $imagick_type->getImageSignature();
   
        // Print Image Signature / Hash Value
        // ---------------------------------------------
       
    print($imagick_type_signature);

?>

Results of this done on a standard BMP image :

cb2f387a7b23d11340ad1f5ba9c765125ea6b2d50a0d25412abe1ce568adac68

Official Function Page: http://www.php.net/manual/en/imagick.getimagesignature.php

// Note: All code appearing on the PHP Revolution blog by the blog owner is released under the Hacktivismo Enhanced-Source Software License Agreement (HESSLA), unless otherwise noted.  http://www.hacktivismo.com/about/hessla.php

No comments:

Post a Comment