[英]How to get HMAC with Crypto Web API
How can I get HMAC-SHA512(key, data) in the browser using Crypto Web API ( window.crypto
)?如何使用 Crypto Web API ( window.crypto
) 在浏览器中获取 HMAC-SHA512(key, data)?
Currently I am using CryptoJS library and it is pretty simple:目前我正在使用 CryptoJS 库,它非常简单:
CryptoJS.HmacSHA512("myawesomedata", "mysecretkey").toString();
Result is 91c14b8d3bcd48be0488bfb8d96d52db6e5f07e5fc677ced2c12916dc87580961f422f9543c786eebfb5797bc3febf796b929efac5c83b4ec69228927f21a03a
.结果是91c14b8d3bcd48be0488bfb8d96d52db6e5f07e5fc677ced2c12916dc87580961f422f9543c786eebfb5797bc3febf796b929efac5c83b4ec69228927f21a03a
.
I want to get rid of extra dependencies and start using Crypto Web API instead.我想摆脱额外的依赖并开始使用 Crypto Web API。 How can I get the same result with it?我怎样才能得到同样的结果?
Answering my own question.回答我自己的问题。 The code below returns the same result as CryptoJS.HmacSHA512("myawesomedata", "mysecretkey").toString();
下面的代码返回与CryptoJS.HmacSHA512("myawesomedata", "mysecretkey").toString();
相同的结果CryptoJS.HmacSHA512("myawesomedata", "mysecretkey").toString();
There are promises everywhere as WebCrypto is asynchronous:由于 WebCrypto 是异步的,所以到处都有承诺:
// encoder to convert string to Uint8Array
var enc = new TextEncoder("utf-8");
window.crypto.subtle.importKey(
"raw", // raw format of the key - should be Uint8Array
enc.encode("mysecretkey"),
{ // algorithm details
name: "HMAC",
hash: {name: "SHA-512"}
},
false, // export = false
["sign", "verify"] // what this key can do
).then( key => {
window.crypto.subtle.sign(
"HMAC",
key,
enc.encode("myawesomedata")
).then(signature => {
var b = new Uint8Array(signature);
var str = Array.prototype.map.call(b, x => ('00'+x.toString(16)).slice(-2)).join("")
console.log(str);
});
});
The following is a copy of the ✅ answer.以下是✅答案的副本。 This time we are using async/await
for clean syntax.这次我们使用async/await
来获得干净的语法。 This approach also offers a base64 encoded digest.这种方法还提供了一个 base64 编码的摘要。
secret
is the secret key that will be used to sign the body
. secret
是用于对body
进行签名的密钥。body
is the string-to-sign. body
是要签名的字符串。enc
is a text encoder that converts the UTF-8 to JavaScript byte arrays. enc
是一种文本编码器,可将 UTF-8 转换为 JavaScript 字节数组。algorithm
is a JS object which is used to identify the signature methods. algorithm
是一个 JS 对象,用于识别签名方法。key
is a CryptoKey . key
是一个CryptoKey 。signature
is the byte array hash. signature
是字节数组哈希。digest
is the base64 encoded signature. digest
是 base64 编码的签名。The JavaScript code follows: JavaScript 代码如下:
(async ()=>{ 'use strict'; let secret = "sec-demo"; // the secret key let enc = new TextEncoder("utf-8"); let body = "GET\\npub-demo\\n/v2/auth/grant/sub-key/sub-demo\\nauth=myAuthKey&g=1&target-uuid=user-1×tamp=1595619509&ttl=300"; let algorithm = { name: "HMAC", hash: "SHA-256" }; let key = await crypto.subtle.importKey("raw", enc.encode(secret), algorithm, false, ["sign", "verify"]); let signature = await crypto.subtle.sign(algorithm.name, key, enc.encode(body)); let digest = btoa(String.fromCharCode(...new Uint8Array(signature))); console.log(digest); })();
The original answer on this page was helpful in a debugging effort earlier today.此页面上的原始答案对今天早些时候的调试工作很有帮助。 We're using it to help identify a bug in our documentation for creating signatures for granting access tokens to use APIs with read/write permissions .我们使用它来帮助识别文档中的错误,该错误用于创建签名以授予访问令牌以使用具有读/写权限的 API 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.