how to get Hmac code with javascript

javascript jquery hmac sha512
remykits picture remykits · Jun 16, 2013 · Viewed 9.9k times · Source

I can get a hmac sing using Python as following:

import hmac, base64, hashlib

def make_sign():
    hash_data = "data"
    secret = "this is secret"
    sha512 = hashlib.sha512
    hmac_obj = hmac.new(secret, hash_data, sha512)
    str_hash = hmac_obj.digest()
    sign = base64.b64encode(str_hash)
    hex_hash = hmac_obj.hexdigest()
    hex_sign = base64.b64encode(hex_hash)
    print "correct_sign:",sign
    print "hex_digest_sign:",hex_sign
make_sign()

output:

correct_sign: Lg4pXNCIpitNQt2DLU19qWb+FxdsYZlK4LLncfkTzSidrYoFJLNolUziRqh09B5HyRdCTEP7enZp6/Te34FK1g==
hex_digest_sign: MmUwZTI5NWNkMDg4YTYyYjRkNDJkZDgzMmQ0ZDdkYTk2NmZlMTcxNzZjNjE5OTRhZTBiMmU3NzFmOTEzY2QyODlkYWQ4YTA1MjRiMzY4OTU0Y2UyNDZhODc0ZjQxZTQ3YzkxNzQyNGM0M2ZiN2E3NjY5ZWJmNGRlZGY4MTRhZDY=

but with js, I can get hex_digest_sign, but I need to get correct_sign for web request.

function make_request() {
    hash_data = "data"
    secret = "this is secret"
    hmac = hmac_512(hash_data, secret)
    var sign = $.base64.encode(hmac),
    console.log("js_sign="+sign);
}

function hmac_512(message, secret) {
    var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA512, secret);
    hmac.update(message);
    var hash = hmac.finalize();
    return hash;
}

js output:

js_sign="MmUwZTI5NWNkMDg4YTYyYjRkNDJkZDgzMmQ0ZDdkYTk2NmZlMTcxNzZjNjE5OTRhZTBiMmU3NzFmOTEzY2QyODlkYWQ4YTA1MjRiMzY4OTU0Y2UyNDZhODc0ZjQxZTQ3YzkxNzQyNGM0M2ZiN2E3NjY5ZWJmNGRlZGY4MTRhZDY="

the correct sign is 

correct_sign: Lg4pXNCIpitNQt2DLU19qWb+FxdsYZlK4LLncfkTzSidrYoFJLNolUziRqh09B5HyRdCTEP7enZp6/Te34FK1g==

how to get it in js?

Answer

vincelasal picture vincelasal · Jun 22, 2015

I suspect that you are running into trouble with types and encoding. According to the CryptoJS source, the iterative hashing style that you are using returns a WordArray once you call finalize().

With that, once you go to print the results, you are printing the contents of the WordArray.

The purpose for itterative hashing is typically if you have a large input, you can break it into chunks to work on one piece at a time. Try the below edit I made that removes this as it does not look like you need to iterate.

function hmac_512(message, secret) {
var newHMAC = CryptoJS.HmacSHA256(message, secret);
    return newHMAC;
}

The above will simply return the HMAC in string form which, once Base64 encoded, should match the result you see in Python.

For a working example, you can check out my Google drive encryption service that uses the cryptoJS HMAC. http://meowcrypt.com/

Hope this helps!

Related questions

How do I redirect to another webpage?

How can I redirect the user from one page to another using jQuery or pure JavaScript?

Read More
Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?

Mod note: This question is about why Postman is not subject to CORS restrictions in the same way an XMLHttpRequest is. This question is not about how to fix a "No 'Access-Control-Allow-Origin'..." error. Please stop posting: CORS configurations for every …

Read More
How do I check whether a checkbox is checked in jQuery?

I need to check the checked property of a checkbox and perform an action based on the checked property using jQuery. For example, if the age checkbox is checked, then I need to show a textbox to enter age, else …

Read More