Hash With a Side of JavaScript

DZone 's Guide to

Hash With a Side of JavaScript

With the rise of Node and one-page web applications, crypto is taking center stage once again. You need to be able to support modern crypto with JavaScript - read on to learn how.

· Web Dev Zone ·
Free Resource

We require hashes everywhere, like setting the password in database as hash instead of plain text password, to check whether if file is tampered or not during transmission or checking integrity of file or messages transferred over network, etc.

This small article will give detailed look at creating hash from Node.js core crypto module and later in the article, it shows how we can use the npm modules for same purpose.

Using the Core Module

Node.js provides the built-in core module crypto to do cryptography functionality. This core module provides the wrappers on OpenSSL functions.

To make use of these crypto functions, you will need to keep in mind the following:

  • You will need to have OpenSSL installed on your machine. Many Linux-based machines have openssl installed by default.
  • All functionality depends on version of OpenSSL installed as Node.js just provides wrapper functions on top of OpenSSL functions

You can check for the which algorithms provided with the following command, openssl dgst -h, upon executing command you will get the following:

$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

$ openssl dgst -h
unknown option '-h'
options are
-c to output the digest with separating colons
-d to output debug info
-hex output as hex dump
-binary output in binary form
-sign file sign digest using private key in file
-verify file verify a signature using public key in file
-prverify file verify a signature using private key in file
-keyform arg key file format (PEM or ENGINE)
-signature file signature to verify
-binary output in binary form
-hmac key create hashed MAC with key
-engine e use engine e, possibly a hardware device.
-md5 to use the md5 message digest algorithm (default)
-md4 to use the md4 message digest algorithm
-md2 to use the md2 message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha to use the sha message digest algorithm
-sha224 to use the sha224 message digest algorithm
-sha256 to use the sha256 message digest algorithm
-sha384 to use the sha384 message digest algorithm
-sha512 to use the sha512 message digest algorithm
-mdc2 to use the mdc2 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm

As you can see from the above, from line 19 to line 29, it shows the algorithms available. So, basically, you can access functions such as hash, hmac, ciper, decipher, sign, etc.

For this article, we will make use of the hash function and how we generate algorithms using Node.js crypto module.


  1. Load crypto module

  2. Create the hash object with specified algorithm

  3. Set the data to be hashed, this can be string, file object, buffer object

  4. Generate the hash in required format

For creating the hash object we can use the following algorithms:

Each algorithms has pros and cons and can be used according to need of application.

Lets go through each step of creating a hash:

Step-1: Load crypto module

var crypto = require(‘crypto’)

Step-2: Create Hash object from crypto

var hash = crypto.createHash([algorith-to-be-used])

Please note how a hash object is created with the factory function provided by the cypto variable and not with the new keyword.

For creating the hash object, you need to provide the algorithm to be used. Mostly the following three are used: md5,sha1, and sha256. You can use any algorithm your OpenSSL provides on your machine.

var hash = crypto.createHash(‘md5’)
var hash = crypto.createHash(‘sha1’)
var hash = crypto.createHash(‘sha256’)

Step-3: Set the data to be hashed

Now, for the hash object, we need to set data to be hashed. This can be a string or file object, and along with the data, we need to specify the encoding type for data. This usually means utf-8, or it can be binary or ascii.

For this, we need to use the update() function on a hash object:

hash.update([data to be hashed], [encoding-type] )
hash_update = hash.update(‘my super secret data’, ‘utf-8’)

Step-4: Create the hash digest in required format

Once we set the data to be hashed, now we can easliy create the hash with the digest funciton on the object, which is returned from the update() call. This digest takes a parameter, which asks for the format the hash to be generated in, this can be hex.

generated_hash= hash_update.digest([format])

After the above step, the generated_hash variable will have the final hash on data provided and the algorighm used.


Now the above steps can be merged into single chained calls, as follows:

generated_hash = require(‘crypto’)
.update(‘my super secret data’, 'utf8')

Generating Hash for the File

For generating a file, we need to read chunks of file stream data and create a hash from that chunk accordingly.

var md5sum = crypto.createHash('md5');

var s = fs.ReadStream(filename);
s.on('data', function(d) {

s.on('end', function() {
var generated_hash = md5sum.digest('hex');
console.log( 'Generated Hash for file ' +generated_hash);

Using the npm Module

Now the above steps can be simplified with use of the npm modules available, such as md5 or sha1, which will generate a hash using md5 and sha1 algorithm.

These modules do not use the functions provided from the crypto module. Rather, it implements other crypto libraries such as CryptoJS. These modules simplify the steps of creating a hash with just one simple function.

Using md5

First, you will need this module with the following command in the project directory:
npm install md5

Here's how to use it: 

var md5 = require(‘md5’); 
var msg = “super secret code”; 
var hash = md5(msg);

Using sha1

Install the module with the following command, again executed in the project directory:
npm install sha1

Here's how to use it: 

var sha1 = require(‘sha1’); 
var msg = “super secret code”; 
var hash = sha1(msg);
cryptography, hash, javascript

Published at DZone with permission of Abhijeet Sutar , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}