How to generate password digest for basic authentication of HTTP users

Generate password digest for basic authentication of HTTP users.

Apache HTTP server utilities

htpasswd is the most popular command-line utility to manage user files for basic authentication.

I will use a version of MD5 modified for Apache to generate password digest (which is used by default) as it is also supported by the openssl utilities.

Install apache2-utils.

$ sudo apt install apache2-utils

Create an empty file to store HTTP account information.

$ sudo touch /etc/nginx/snippets/statistics.htpasswd
You can use htpasswd to create a file to store HTTP account information, but I am against it as it will truncate it, so this solution is prone to mistakes.

Display encrypted password for username on standard output.

$ echo "password" | htpasswd -i -n username
username:$apr1$Qzu3mckE$xiu7cvijFfWTqha/AEQhE1

Add or update HTTP account information.

$ echo "stats" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
$ echo "stats-" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Updating password for user stats

Verify password for specific HTTP user.

$ echo "stats-" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
Password for user stats correct.
$ echo "stats" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
password verification failed

Delete specific HTTP user.

$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
Deleting password for user stats
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
User stats not found

Truncate and rewrite HTTP account information. You will end up with a single HTTP account.

$ echo "stats" | sudo htpasswd -i -c /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
$ echo "stats" | sudo htpasswd -i -c /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
I will repeat myself. The create option is really prone to mistakes.

OpenSSL utilities

You do not need to use htpasswd command as you can generate password digest for basic authentication using standard openssl utilities.

$ echo "password" | openssl passwd -apr1 -stdin
$apr1$r8mlIRyv$B7xsBRVCUyMnCjfvkR/u./
$ echo  "username:$(echo password | openssl passwd --salt r8mlIRyv -apr1 -stdin)"
username:$apr1$r8mlIRyv$B7xsBRVCUyMnCjfvkR/u./
$ echo  "stats:$(echo stats | openssl passwd -apr1 -stdin)"
stats:$apr1$iLpPMCo9$j1zviL0K9tL6N7UtBvwcT.

You need to manage HTTP account information by yourself when using openssl.