htpasswd (HTTP Basic Auth)
An Apache/nginx .htpasswd file with two users hashed using the {SHA} scheme (Base64 SHA-1) — the sample passwords are documented in the file, for testing Basic-Auth credential parsers and hash identification.
# .htpasswd - HTTP Basic Auth (sample fixture, {SHA} scheme).
# Passwords: webadmin -> 'sample-password', guest -> 'guest'.
webadmin:{SHA}OYMbMU6qBWMrDpAqYkJkju/WZI0=
guest:{SHA}NWdeaPS1r3uZXZIFrQ/EOELxZFA=
Specifications
- Format
- Apache htpasswd
- Scheme
- {SHA} (base64 sha1)
- Users
- 2
- Passwords
- documented in the file
- Sample Only
- true
What is a .htpasswd file?
An .htpasswd file stores usernames and hashed passwords for HTTP Basic Authentication, one user per line as user:hash. The hash is typically bcrypt, Apache MD5 (apr1), or SHA — never plaintext. Apache and nginx read it to guard a directory or route.
How to use this file
Use an example .htpasswd to test Basic-Auth credential parsers, password-hash identification, and web-server auth configuration. The sample credentials are documented and for testing only.
Related files
- csrCertificate Signing Request (CSR)A PKCS#10 certificate signing request (PEM) with the subject and SAN, self-signed by the RSA key to prove key possession — for testing CSR parsers and certificate-authority intake flows.

- keyEd25519 Private Key (PEM)An Ed25519 private key in PKCS#8 PEM, derived from a fixed seed — a published, sample-only modern elliptic-curve key for testing PEM parsers and Ed25519 tooling. Never use it for real.

- keyRSA 2048 Private Key (PEM)A 2048-bit RSA private key in unencrypted PKCS#8 PEM — a deliberately PUBLISHED, sample-only key for testing PEM key parsers and PKCS#8 decoders. Never use it for anything real.

- pubSSH Public Key (Ed25519)An OpenSSH-format Ed25519 public key (the shareable half of the key pair) — a single line of algorithm, Base64 key blob, and comment, for testing SSH public-key parsers and authorized_keys tooling.

- crtX.509 Certificate (.crt)The same self-signed certificate under the conventional .crt extension (PEM-encoded) — for testing trust-store importers and tools that key off the .crt extension. Sample only.

- derX.509 Certificate (DER)The binary DER encoding of the same certificate — for testing ASN.1/DER parsers, Java keystores, and DER-to-PEM converters. Published sample certificate, not a real identity.

Generated by generation/pki_security.py. Free for any use, no attribution required — license.