Tcl Library Source Code

EuroTcl/OpenACS 11 - 12 JULY 2024, VIENNA

[ Main Table Of Contents | Table Of Contents | Keyword Index | Categories | Modules | Applications ]


sha256 - SHA256 Message-Digest Algorithm

Table Of Contents


package require Tcl 8.5 9
package require sha256 ?1.0.5?

::sha2::sha256 ?-hex|-bin? [ -channel channel | -file filename | ?--? string ]
::sha2::sha224 ?-hex|-bin? [ -channel channel | -file filename | ?--? string ]
::sha2::hmac key string
::sha2::hmac ?-hex|-bin? -key key [ -channel channel | -file filename | ?--? string ]
::sha2::SHA256Update token data
::sha2::SHA256Final token
::sha2::SHA224Final token
::sha2::HMACInit key
::sha2::HMACUpdate token data
::sha2::HMACFinal token


This package provides an implementation in Tcl of the SHA256 and SHA224 message-digest algorithms as specified by FIPS PUB 180-1 (1). These algorithms take a message and generates a 256-bit (224-bit) digest from the input. The SHA2 algorithms are related to the SHA1 algorithm.

This package also includes support for creating keyed message-digests using the HMAC algorithm from RFC 2104 (3) with SHA256 as the message-digest.



For the programmer, the SHA256 hash can be viewed as a bucket into which one pours data. When you have finished, you extract a value that is derived from the data that was poured into the bucket. The programming interface to the SHA256 hash operates on a token (equivalent to the bucket). You call SHA256Init to obtain a token and then call SHA256Update as many times as required to add data to the hash. To release any resources and obtain the hash value, you then call SHA256Final. An equivalent set of functions gives you a keyed digest (HMAC).

If you have critcl and have built the tcllibc package then the implementation of the hashing function will be performed by compiled code. Failing that there is a pure-tcl equivalent. The programming interface remains the same in all cases.


% sha2::sha256 "Tcl does SHA256"

% sha2::hmac Sekret "Tcl does SHA256"

% set tok [sha2::SHA256Init]
% sha2::SHA256Update $tok "Tcl "
% sha2::SHA256Update $tok "does "
% sha2::SHA256Update $tok "SHA256"
% sha2::Hex [sha2::SHA256Final $tok]


  1. "Secure Hash Standard", National Institute of Standards and Technology, U.S. Department Of Commerce, April 1995. (

  2. Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT, April 1992. (

  3. Krawczyk, H., Bellare, M. and Canetti, R. "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997. (

Bugs, Ideas, Feedback

This document, and the package it describes, will undoubtedly contain bugs and other problems. Please report such in the category sha1 of the Tcllib Trackers. Please also report any ideas for enhancements you may have for either package and/or documentation.

When proposing code changes, please provide unified diffs, i.e the output of diff -u.

Note further that attachments are strongly preferred over inlined patches. Attachments can be made by going to the Edit form of the ticket immediately after its creation, and then using the left-most button in the secondary navigation bar.


md4, md5, ripemd128, ripemd160, sha1


FIPS 180-1, hashing, message-digest, rfc 2104, security, sha256


Hashes, checksums, and encryption


Copyright © 2008, Andreas Kupries