About hmac and hashing and encryption
In creating a private API, I need to encrypt or hash the tokens.
I had no idea about hmac, so I looked it up.
hmac stands for Keyed-Hashing for Message Authentication code. I don’t know the real official name.
| item | feature |
|---|---|
| hashing | It cannot be undone. Hash functions are MD5, SHA1, SHA256, etc. |
| encryption | I can put it back together. |
This is the difference between hashing and encryption.
Hashing is irreversible and cannot be undone once hashed. In contrast, encryption can be undone. This is called decryption.
What is HMAC Certification?
There is an authentication method called HMAC authentication, which uses “HMAC-SHA256” or “HMAC-SHA512” for hashing.
The private key is shared between two parties (e.g., client and server) who share the same private key, the API key is hashed between the two parties, and authentication is performed based on whether the hash value is the same or not.
If they are the same, it is guaranteed that the contents have not been tampered with (integrity).
This is checked using the crypto module in nodejs.
npm init -y npm install --save crypto
The following source uses the createHash method to create a SHA512 hash object.
index.js
const crypto = require('crypto');
const sha512 = crypto.createHash('sha512');
const hash = sha512.update('password12345678', 'utf8').digest('hex');
console.log(hash); // hash value=a3d150c15f1a9a4e07d398fad94568460e3b044570b632bf67e27d3a231a04e4931aada1a3bef6bd94d08801ce0c684fed450705867df6f07fa0a395c4256071
コメント