Hash With a Side of JavaScript
With the rise of Node and one-page web applications, crypto is taking center stage once again. You need to be able to support modern crypto with JavaScript - read on to learn how.
Join the DZone community and get the full member experience.
Join For FreeWe require hashes everywhere, like setting the password in database as hash instead of plain text password, to check whether if file is tampered or not during transmission or checking integrity of file or messages transferred over network, etc.
This small article will give detailed look at creating hash from Node.js core crypto
module and later in the article, it shows how we can use the npm modules for same purpose.
Using the Core Module
Node.js provides the built-in core module crypto
to do cryptography functionality. This core module provides the wrappers on OpenSSL functions.
To make use of these crypto functions, you will need to keep in mind the following:
- You will need to have OpenSSL installed on your machine. Many Linux-based machines have openssl installed by default.
- All functionality depends on version of OpenSSL installed as Node.js just provides wrapper functions on top of OpenSSL functions
You can check for the which algorithms provided with the following command, openssl dgst -h
, upon executing command you will get the following:
$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016
$ openssl dgst -h
unknown option '-h'
options are
-c to output the digest with separating colons
-d to output debug info
-hex output as hex dump
-binary output in binary form
-sign file sign digest using private key in file
-verify file verify a signature using public key in file
-prverify file verify a signature using private key in file
-keyform arg key file format (PEM or ENGINE)
-signature file signature to verify
-binary output in binary form
-hmac key create hashed MAC with key
-engine e use engine e, possibly a hardware device.
-md5 to use the md5 message digest algorithm (default)
-md4 to use the md4 message digest algorithm
-md2 to use the md2 message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha to use the sha message digest algorithm
-sha224 to use the sha224 message digest algorithm
-sha256 to use the sha256 message digest algorithm
-sha384 to use the sha384 message digest algorithm
-sha512 to use the sha512 message digest algorithm
-mdc2 to use the mdc2 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
As you can see from the above, from line 19 to line 29, it shows the algorithms available. So, basically, you can access functions such as hash, hmac, ciper, decipher, sign, etc.
For this article, we will make use of the hash
function and how we generate algorithms using Node.js crypto
module.
Steps
Load
crypto
moduleCreate the hash object with specified algorithm
Set the data to be hashed, this can be string, file object, buffer object
Generate the hash in required format
For creating the hash object we can use the following algorithms:
Each algorithms has pros and cons and can be used according to need of application.
Lets go through each step of creating a hash:
Step-1: Load crypto
module
var crypto = require(‘crypto’)
Step-2: Create Hash
object from crypto
var hash = crypto.createHash([algorith-to-be-used])
Please note how a hash object is created with the factory function provided by the cypto
variable and not with the new
keyword.
For creating the hash object, you need to provide the algorithm to be used. Mostly the following three are used: md5
,sha1
, and sha256
. You can use any algorithm your OpenSSL provides on your machine.
var hash = crypto.createHash(‘md5’)
var hash = crypto.createHash(‘sha1’)
var hash = crypto.createHash(‘sha256’)
Step-3: Set the data to be hashed
Now, for the hash object, we need to set data to be hashed. This can be a string or file object, and along with the data, we need to specify the encoding type for data. This usually means utf-8,
or it can be binary
or ascii
.
For this, we need to use the update()
function on a hash object:
hash.update([data to be hashed], [encoding-type] )
hash_update = hash.update(‘my super secret data’, ‘utf-8’)
Step-4: Create the hash digest in required format
Once we set the data to be hashed, now we can easliy create the hash with the digest
funciton on the object, which is returned from the update()
call. This digest
takes a parameter, which asks for the format the hash to be generated in, this can be hex
.
generated_hash= hash_update.digest([format])
After the above step, the generated_hash
variable will have the final hash on data provided and the algorighm used.
Summary
Now the above steps can be merged into single chained calls, as follows:
generated_hash = require(‘crypto’)
.createHash('md5')
.update(‘my super secret data’, 'utf8')
.digest('hex')
Generating Hash for the File
For generating a file, we need to read chunks of file stream data and create a hash from that chunk accordingly.
var md5sum = crypto.createHash('md5');
var s = fs.ReadStream(filename);
s.on('data', function(d) {
md5sum.update(d);
});
s.on('end', function() {
var generated_hash = md5sum.digest('hex');
console.log( 'Generated Hash for file ' +generated_hash);
});
Using the npm Module
Now the above steps can be simplified with use of the npm modules available, such as md5 or sha1, which will generate a hash using md5
and sha1
algorithm.
These modules do not use the functions provided from the crypto
module. Rather, it implements other crypto libraries such as CryptoJS
. These modules simplify the steps of creating a hash with just one simple function.
Using md5
First, you will need this module with the following command in the project directory:npm install md5
Here's how to use it:
var md5 = require(‘md5’);
var msg = “super secret code”;
var hash = md5(msg);
Using sha1
Install the module with the following command, again executed in the project directory:npm install sha1
Here's how to use it:
var sha1 = require(‘sha1’);
var msg = “super secret code”;
var hash = sha1(msg);
Published at DZone with permission of Abhijeet Sutar, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments