我想创建一个我爱纸杯蛋糕哈希(签名与密钥abcdeg)
我如何创建哈希,使用Node.js Crypto?
crypto文档:http://nodejs.org/api/crypto.html
const crypto = require('crypto')
const text = 'I love cupcakes'
const key = 'abcdeg'
crypto.createHmac('sha1', key)
.update(text)
.digest('hex')
几年前,有人说update()和digest()是遗留方法,并引入了新的流API方法。现在,文档表明这两种方法都可以使用。例如:
var crypto = require('crypto');
var text = 'I love cupcakes';
var secret = 'abcdeg'; //make this your secret!!
var algorithm = 'sha1'; //consider using sha256
var hash, hmac;
// Method 1 - Writing to a stream
hmac = crypto.createHmac(algorithm, secret);
hmac.write(text); // write in to the stream
hmac.end(); // can't read from the stream until you call end()
hash = hmac.read().toString('hex'); // read out hmac digest
console.log("Method 1: ", hash);
// Method 2 - Using update and digest:
hmac = crypto.createHmac(algorithm, secret);
hmac.update(text);
hash = hmac.digest('hex');
console.log("Method 2: ", hash);
在节点v6.2.2和v7.7.2上进行了测试
见https://nodejs.org/api/crypto.html # crypto_class_hmac。给出使用流方法的更多示例。
Gwerder的解决方案不会工作,因为hash = hmac.read();在流完成最终确定之前发生。这就是AngraX的问题所在。还有hmac。Write语句在本例中不需要。
而是这样做:
var crypto = require('crypto');
var hmac;
var algorithm = 'sha1';
var key = 'abcdeg';
var text = 'I love cupcakes';
var hash;
hmac = crypto.createHmac(algorithm, key);
// readout format:
hmac.setEncoding('hex');
//or also commonly: hmac.setEncoding('base64');
// callback is attached as listener to stream's finish event:
hmac.end(text, function () {
hash = hmac.read();
//...do something with the hash...
});
更正式的说法是,如果你愿意的话
hmac.end(text, function () {
可以写成
hmac.end(text, 'utf8', function () {
因为在这个例子中,text是一个utf字符串
尽管有所有签名和验证哈希算法的示例代码,但我仍然需要进行一些实验和调整才能使其工作。这是我的工作样本,我相信它涵盖了所有的边缘情况。
它是URL安全的(即不需要编码),它需要一个过期时间,并且不会意外抛出异常。有一个对Day.js的依赖,但是你可以用另一个日期库替换它,或者滚动你自己的日期比较。
用TypeScript编写:
// signature.ts
import * as crypto from 'crypto';
import * as dayjs from 'dayjs';
const key = 'some-random-key-1234567890';
const replaceAll = (
str: string,
searchValue: string,
replaceValue: string,
) => str.split(searchValue).join(replaceValue);
const swap = (str: string, input: string, output: string) => {
for (let i = 0; i < input.length; i++)
str = replaceAll(str, input[i], output[i]);
return str;
};
const createBase64Hmac = (message: string, expiresAt: Date) =>
swap(
crypto
.createHmac('sha1', key)
.update(`${expiresAt.getTime()}${message}`)
.digest('hex'),
'+=/', // Used to avoid characters that aren't safe in URLs
'-_,',
);
export const sign = (message: string, expiresAt: Date) =>
`${expiresAt.getTime()}-${createBase64Hmac(message, expiresAt)}`;
export const verify = (message: string, hash: string) => {
const matches = hash.match(/(.+?)-(.+)/);
if (!matches) return false;
const expires = matches[1];
const hmac = matches[2];
if (!/^\d+$/.test(expires)) return false;
const expiresAt = dayjs(parseInt(expires, 10));
if (expiresAt.isBefore(dayjs())) return false;
const expectedHmac = createBase64Hmac(message, expiresAt.toDate());
// Byte lengths must equal, otherwise crypto.timingSafeEqual will throw an exception
if (hmac.length !== expectedHmac.length) return false;
return crypto.timingSafeEqual(
Buffer.from(hmac),
Buffer.from(expectedHmac),
);
};
你可以这样使用它:
import { sign, verify } from './signature';
const message = 'foo-bar';
const expiresAt = dayjs().add(1, 'day').toDate();
const hash = sign(message, expiresAt);
const result = verify(message, hash);
expect(result).toBe(true);
推荐文章
- 在ASP中使用jQuery渲染局部视图。NET MVC
- SHA512 vs. Blowfish和Bcrypt
- 一个用于膨胀/收缩(抵消,缓冲)多边形的算法
- 如何提取扩展从文件名字符串在Javascript?
- 在JavaScript中获取字符串中破折号后面的所有内容
- 当我运行' npm install '时,它返回' ERR!代码EINTEGRITY ' (npm 5.3.0)
- SystemJS和Webpack有什么不同?
- 如何使用jQuery去一个URL ?
- 停止/关闭由navigator.mediaDevices.getUserMedia打开的网络摄像头流
- Jquery禁用表单提交进入
- Javascript数组搜索和删除字符串?
- 如何复制对象属性在另一个对象?
- 如何绕过Access-Control-Allow-Origin?
- 我如何使用Node.js Crypto创建HMAC-SHA1哈希?
- JavaScript获取滚动窗口的X/Y位置
