Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

hmac
communitycreator

What is the crypto.createHmac() module?

Oluwatomisola Solomon

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Answers Code

In cryptography, HMACkeyed-hash message authentication code is a type of MACMessage authentication code that involves the use of a secret key to perform the hash functions.

An HMAC class is accountable for the Hash-based Message Authentication Code, which hashes the key and values to make one final hash.

Hash-based message authentication code (HMAC) allows you to supply digital signatures with the use of a shared secret. Crypto’s HMAC class uses the HMAC method for digital signing.

How does the crypto.createHmac() work?

The crypto.createHmac() method creates a HMAC object and then returns it. This HMAC uses the algorithm and key that will be passed. The elective options are used to control the stream behavior.

The key defined can be the HMAC key used to generate cryptographic HMAC hash. This HMAC hash function, as illustrated in the image above, is used to generate the authentication code for each message.

Syntax

crypto.createHmac(algorithm, key, [options])

Parameters

  • Parameters: The crypto.createHmac() takes in the parameters described below:

    • Algorithm: This will depends on the accessible algorithms favored by the version of OpenSSL on the platform. It will return a string. The examples are sha256, sha512, etc.

    • Key: This is the HMAC key used to create the cryptographic HMAC hash. It will return a string, Buffer, TypedArray, DataView, or KeyObject. If it is a KeyObject, then its type must be secret.

    • Options: It is an optional parameter used to control stream behavior that returns an object.

    • Return Type: It will return the HMAC object that has been created.

Examples

The following codes are examples of crypto.createHmac().

Example 1

// Node.js program to demonstrate the
// crypto.createHmac() method
// Includes crypto module
const crypto = require('crypto');
// Defining key
const secret = 'GfG';
// Calling createHmac method
const hash = crypto.createHmac('sha256', secret)
// updating data
.update('GeeksforGeeks')
// Encoding to be used
.digest('hex');
// Displays output
console.log(hash);

The code above shows one of the examples of HMAC algorithms called SHA256 HMAC. Secure Hash Algorithm 256 comes under SHA2 and is a cryptographic hash function used to create hash values. It produces a 256-bit hash value known as the message digest. It is similar to hashing, the only difference being that it uses a secret key in hashing.

This code is taken from Geeks for Geeks.

Example 2

//Loading the crypto module in node.js
const crypto = require('crypto');
//creating hmac object
const hmac = crypto.createHmac('sha512', 'yoursecretkeyhere');
//passing the data to be hashed
data = hmac.update('nodejsera');
//Creating the hmac in the required format
gen_hmac= data.digest('hex');
//Printing the output on the console
console.log("hmac : " + gen_hmac);

Secure Hash Algorithm 512 is another example of HMAC algorithms called SHA512 HMAC. This also comes under SHA2 and is a cryptographic hash function used to create hash values. The algorithm produces a 512-bit hash value known as the message digest. This hash value is the same as hashing the input with the SHA512 hashing algorithm, the only difference is that it involves hashing with the help of a secret key.

This code is taken from nodejsera. Other examples of HMAC can be obtained from nodejsera.

RELATED TAGS

hmac
communitycreator

CONTRIBUTOR

Oluwatomisola Solomon

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Answers Code
Keep Exploring