diff --git a/README.md b/README.md
new file mode 100644
index 0000000..15259f5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+```
+openssl genrsa -out private_key 2048
+openssl req -new -x509 -key private_key -out public_key -days 365
+```
diff --git a/htpasswd.go b/htpasswd.go
new file mode 100644
index 0000000..17956cf
--- /dev/null
+++ b/htpasswd.go
@@ -0,0 +1,62 @@
+package main
+
+// Copied from github.com/bitly/oauth2_proxy
+
+import (
+ "crypto/sha1"
+ "encoding/base64"
+ "encoding/csv"
+ "io"
+ "log"
+ "os"
+)
+
+// lookup passwords in a htpasswd file
+// The entries must have been created with -s for SHA encryption
+
+type HtpasswdFile struct {
+ Users map[string]string
+}
+
+func NewHtpasswdFromFile(path string) (*HtpasswdFile, error) {
+ r, err := os.Open(path)
+ if err != nil {
+ return nil, err
+ }
+ defer r.Close()
+ return NewHtpasswd(r)
+}
+
+func NewHtpasswd(file io.Reader) (*HtpasswdFile, error) {
+ csv_reader := csv.NewReader(file)
+ csv_reader.Comma = ':'
+ csv_reader.Comment = '#'
+ csv_reader.TrimLeadingSpace = true
+
+ records, err := csv_reader.ReadAll()
+ if err != nil {
+ return nil, err
+ }
+ h := &HtpasswdFile{Users: make(map[string]string)}
+ for _, record := range records {
+ h.Users[record[0]] = record[1]
+ }
+ return h, nil
+}
+
+func (h *HtpasswdFile) Validate(user string, password string) bool {
+ realPassword, exists := h.Users[user]
+ if !exists {
+ return false
+ }
+ if realPassword[:5] == "{SHA}" {
+ d := sha1.New()
+ d.Write([]byte(password))
+ if realPassword[5:] == base64.StdEncoding.EncodeToString(d.Sum(nil)) {
+ return true
+ }
+ } else {
+ log.Printf("Invalid htpasswd entry for %s. Must be a SHA entry.", user)
+ }
+ return false
+}
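Review bot: `Validate` slices `realPassword[:5]` before checking its length, so a stored entry shorter than five bytes (an empty or truncated htpasswd line) panics the whole process on any login attempt for that user; guard it with `if len(realPassword) > 5 && realPassword[:5] == "{SHA}" {`. The same unchecked indexing appears in `NewHtpasswd`, where `record[1]` panics when the first record of the file has a single field (the csv reader's default `FieldsPerRecord` then fixes every record at one field); skip records with `len(record) < 2` instead of indexing them. The digest check `realPassword[5:] == base64.StdEncoding.EncodeToString(d.Sum(nil))` is a plain string compare that returns at the first differing byte; `subtle.ConstantTimeCompare([]byte(realPassword[5:]), []byte(encoded)) == 1` (import `crypto/subtle`) removes that timing side channel. Worth stating in the header comment that `{SHA}` entries are unsalted SHA-1 of the password, so the htpasswd file must be treated as a secret and given the same access controls as the private key the README generates.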