I can successfully create an Hmac via NodeJS using the following code: (slightly altered example from https://nodejs.org/api/crypto.html#cryptocreatehmacalgorithm-key-options)
const Crypto = require('crypto');
// HMAC-SHA256 over the message, keyed with 16 random bytes
Crypto.createHmac('sha256', Crypto.randomBytes(16))
  .update('I love cupcakes')
  .digest('hex');
That results in a value like the following (hex-based string Hmac signature):
fb2937ca821264812d511d68ae06a643915931375633173ba64af9425f2ffd53
How do I use that signature to verify that the data was not altered? (using NodeJS, of course).
My Assumption
I'm assuming there is a method call where you supply the data and the signature and you get a boolean that tells you if the data was altered or not -- or something similar.
Another Solution?
Oh, wait, as I was writing that I started thinking...
Do I need to store the original random bytes I generated (Crypto.randomBytes(16)) and pass them to the receiver so they can just generate the HMac again and verify that the result is the same (fb2937ca821264812d511d68ae06a643915931375633173ba64af9425f2ffd53)?
If that is true that would be odd, because the parameter for Crypto.randomBytes(16) is named secret (in the official example)*. Seems like that needs to be kept secret??
Please let me know if there is a way to verify the signature on the receiving side & how I do that.
Official Documentation : A Bit Confusing
Here's the function as it is defined in the official docs: crypto.createHmac(algorithm, key[, options])
In the function definition, you can see the second param is named key.
However, in the example they refer to it as secret
const crypto = require('crypto');
const secret = 'abcdefg';
const hash = crypto.createHmac('sha256', secret)
  .update('I love cupcakes')
  .digest('hex');
console.log(hash);
1.3.4 • Public • Published 6 months ago
verify-hmac-sha
Simple package to verify HMAC with SHA-256 signature. It is just using the native crypto Node.js module like you see in the official doc. I wrap them all up so that you can do this with fewer lines of code.
How to use
Most of the time you will just need to use the verify() method, which returns true/false
const verifyHmac256 = require('verify-hmac-sha')
const secret = 'test-secret'
const payload = JSON.stringify({ example: 123 })
const signature = '0076b0ee1c6ea46ec31c8076b40447097497ab311866dd207fa7708e7a2bcc43'
console.log(
  // do verifyHmac256.encodeInBase64.verify in case of Base64 digest
  // verifyHmac256.encodeIn('base64') also works. Just pass in the encoding you prefer
  // I believe in most cases you will use either encodeInHex or encodeInBase64
  verifyHmac256.encodeInHex.verify({
    signature,
    secret,
    payload
  })
) // true
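One way to do the verification asked about above with only Node's built-in crypto module, as an added example (not the verify-hmac-sha package's code and not from the question): the receiver recomputes the HMAC with the same key and compares the two tags in constant time. The helper names signPayload and verifyPayload are hypothetical, and the key is assumed to have been shared with the receiver over a separate secure channel.

```javascript
const crypto = require('node:crypto');

// Hypothetical helper: sender side, returns the hex HMAC-SHA256 tag.
function signPayload(key, payload) {
  return crypto.createHmac('sha256', key).update(payload).digest('hex');
}

// Hypothetical helper: receiver side. There is no "verify" call on an Hmac
// object; the receiver needs the SAME key, recomputes the tag and compares.
function verifyPayload(key, payload, signatureHex) {
  // A SHA-256 tag is 32 bytes, i.e. exactly 64 hex characters.
  // Reject anything else before comparing.
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) {
    return false;
  }
  const expected = crypto.createHmac('sha256', key).update(payload).digest();
  const received = Buffer.from(signatureHex, 'hex');
  // timingSafeEqual throws if lengths differ; both are 32 bytes here.
  // It avoids leaking how many leading bytes matched, unlike === on strings.
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample data (not from the page).
const key = crypto.randomBytes(16); // must be stored and kept secret by both sides
const message = 'I love cupcakes';
const tag = signPayload(key, message);

console.log(verifyPayload(key, message, tag));                    // true
console.log(verifyPayload(key, message + '!', tag));              // false: data altered
console.log(verifyPayload(crypto.randomBytes(16), message, tag)); // false: wrong key
```

Anyone holding the key can also produce valid tags, so it has to stay secret between the two parties and should not travel alongside the message it authenticates.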