Skip to main content

Crypto

crypto_createHash

Creates a hash digest of the data using the specified algorithm.

Returns the digest as a string in the specified encoding, or as a Buffer if no encoding is provided.

crypto_createHash(algorithm, data, [outputEncoding]);

Arguments :

  • algorithm - identifier of the algorithm e.g. 'md5' or 'sha256' - see Possible algorithms.
  • data - can be any string
  • outputEncoding - 'hex', 'utf8' or 'base64' - with no output encoding the return value is a buffer

Example :

let data = "4fizuma";
let hash = crypto_createHash("md5", data, "hex");
let expected = "034b19f412622e843186d292a1b7010f";

log("expected : ", expected);
log("actual   : ", hash);

Further example see crypto_verify

crypto_createHmac

Creates a hash-based message authentication code (HMAC) for the data using the specified algorithm and key.

Returns the digest as a string in the specified encoding, or as a Buffer if no encoding is provided.

crypto_createHmac(algorithm, key, data, [outputEncoding]);

Arguments :

  • algorithm - identifier of the algorithm e.g. 'md5' or 'sha256' - see Possible algorithms.
  • key - used for encryption - can be any string
  • data - can be any string
  • outputEncoding - 'hex', 'utf8' or 'base64' - with no output encoding the return value is a buffer

Example :

let data = "some-data";
let key = "secret";
let hmac = crypto_createHmac("sha256", key, data, "base64");
let expected = "63nkuj7gEKM1yCqN80HjKaZ9U/O1q7xPCpTlBQ4sBUU=";

log("expected : ", expected);
log("actual   : ", hmac);

crypto_randomBytes

Generates cryptographically secure random bytes.

Returns the bytes as a string in the specified encoding, or as a Buffer if no encoding is provided. Maximum is 100,000 bytes.

crypto_randomBytes(number, [outputEncoding]);

Arguments :

  • number - number of bytes
  • outputEncoding - 'hex', 'utf8' or 'base64' - with no output encoding the return value is a buffer

Example :

let random1 = crypto_randomBytes(10, "hex");
log("random1:", random1);

let random2 = crypto_randomBytes(10).toString("hex");
log("random2:", random2);

crypto_privateEncrypt

Encrypts data using an RSA private key.

crypto_privateEncrypt(private_key, data_to_encrypt, [outputEncoding]);

Arguments :

  • private_key - private rsa key
  • data_to_encrypt - can be any string
  • outputEncoding - 'hex', 'utf8' or 'base64' - with no output encoding the return value is 'hex'

Returns the encrypted data as a string. Default output encoding is hex.

Example :

see crypto_verify

crypto_publicDecrypt

Decrypts data using an RSA public key.

crypto_publicDecrypt(public_key, data_to_decrypt, [inputEncoding], [outputEncoding]);

Arguments :

  • public_key - public rsa key
  • data_to_decrypt - can be any string
  • inputEncoding - 'hex', 'utf8' or 'base64' - with no output encoding the return value is 'hex'
  • outputEncoding - 'hex', 'utf8' or 'base64' - with no output encoding the return value is 'hex'

Returns the decrypted data as a string. Default input encoding is hex, default output encoding is utf8.

Example :

see crypto_verify

crypto_sign

Creates a digital signature for data using the specified algorithm and private key.

crypto_sign(algorithm, private_key, data_to_sign, [outputEncoding]);

Arguments :

  • algorithm - identifier of the algorithm e.g. 'md5' or 'sha256' - see Possible algorithms.
  • private_key - private rsa key
  • data_to_sign - can be any string
  • outputEncoding - 'hex', 'utf8' or 'base64' - with no output encoding the return value is 'hex'

Returns the signature as a string. Default output encoding is hex.

Example :

see crypto_verify

crypto_verify

Verifies a digital signature against the provided data.

crypto_verify(algorithm, public_key, data_to_verify, signature, [inputEncoding]);

Arguments :

  • algorithm - identifier of the algorithm e.g. 'md5' or 'sha256' - see Possible algorithms.
  • public_key - public rsa key
  • data_to_verify - can be any string
  • signature - can be any signature as string
  • inputEncoding - 'hex', 'utf8' or 'base64' - with no input encoding the return value is hex

Returns true if the signature is valid, false otherwise. Default input encoding is hex.

Example :

const algorithm = "sha256";
const payload_str = "Hello World";

const private_key = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuPGJ7wBbOVq/baKN7oVuixOGfQ11QWd7iaKsnHwYa2x9vmNR
qVspn8IvTp8nmbVPO/Js2vnhn27NM+c8DSwkiIRqW/EQHj3DzL+kG+SqUZbifnYl
yXif4QU03p5AMgSD7b5H3mpIL0vrCeGy7F7nBZkWPEo6f4E7ECmHFkME0P10Z/Tj
RKnx9D7fPs8e+7/4ACEzwAMhLYCqvYlS8hHqbteqArrHQz5LBHh+jDcnj64z8Ius
sULem0duFCLdcIcTZolMvcDu3iPXGHthMtKluT0PEqlOjn8ZlKh1HBiIBRHLESdE
YM/lt58I92xwLXR7wxT38bMMJCfval1P3nTldQIDAQABAoIBAQCsDvK/arpz6oxL
iD65WGPWeazWLK4Y0hhpnPEviHgDgOSfOrFfeNOJsNPoNkNWSgrT/57sPit8801v
a0JAEwBODbsRnHzdVaMSmnwoAx29WD2RX4OaI2HCq+Ba+ClLH05J4YvlTUWo0t1w
zQxzwXr2h0zbfEdeFjGHwMrPmDwj3QOpYymh5loaUWdnwsG8K4cTCUbvZJwKv8x6
vTM3CN9tkxnuEWZAWqCUKXPZz7/MAUBnhRYzQsMkDU4GNwrvH+N2RCxJrz4cYhon
j97cfSFKL18ezCX8F79Sc14Xp2QGhCxQUu+5zdZxYbBS3jSZ4mN4FlM0snBecs/u
XEJXFt/BAoGBAON+4ZCWMtofyMhXC0lBa50uQLdklAKX0tfeoOCjPNqPdq1CEYlW
3SK2j8TBb2bKa2l0eoipNBIURmzW0DK4kgoBIMLwg9yanThtW9ZT7+EBKsORLSUX
749tqRPR629Xg+6MHB+rF+LjxJD5oK/fbfctSte0nUHkIjWiNPN21cPlAoGBANAd
wwBdigiSu4D7JUSqqs0W+liFwlCy9iZdOk4OI1hbe3mTVrkgmoqlx5sw1PBJ2QlA
ka50DZz7W16Loxnf7gFuNdyUfIkrN/Vx21dGegLou1i8OVPj4S+pJpXbi9vNFwJP
bdaW74Vwua6ipvF5wD4UCINxDdu/IjIUHrwLv6JRAoGBAKx5B13s4YTJUBnDFEVn
mcTCykG/uQ72N919ZY6pc3toBNt6GX18I48rxXewB1tw31pF+pgdX+LNCE9/1Lx/
fgijrkjcu7vGZKfhER0+6cA2eEtoh0d2DCM7SlJCdjIlsVprUu8XcbaMY/xdpNtx
kxcweWtr/UV1RhJPdcGXOJ2ZAoGAKLa50Fd8SoMSJYB8YPuWYHrvTOQWCJ2KJCU2
49BGP+HdvQIDBEKJmTgnXYfnEH8R84prNZrEkwJldJCSvtwc/rCl3to5psgKsXyt
sVw7QFhxVkG0YWICSsWno8eIi96KcsxBK6rpfsx3tt9hE3qDDmHy7Gvwjx3MPcnL
3XPa8JECgYBzuih9bdkX1Dbny4lr+X1SHqFWOoQGebqGGufM3s8msJyxjFkYRETk
Iqgmr8l1r8zUEGTD0LWdMYGlTCFfWxBJRyw6u4gICdWB7w0pkPLk9R1iJiw+a8GK
+EtpzC73DzCMF73RRaiBrRBjl3wT7NZupeVH8z9CeKb3iGD8MVLyBw==
-----END RSA PRIVATE KEY-----
`;

const public_key = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPGJ7wBbOVq/baKN7oVu
ixOGfQ11QWd7iaKsnHwYa2x9vmNRqVspn8IvTp8nmbVPO/Js2vnhn27NM+c8DSwk
iIRqW/EQHj3DzL+kG+SqUZbifnYlyXif4QU03p5AMgSD7b5H3mpIL0vrCeGy7F7n
BZkWPEo6f4E7ECmHFkME0P10Z/TjRKnx9D7fPs8e+7/4ACEzwAMhLYCqvYlS8hHq
bteqArrHQz5LBHh+jDcnj64z8IussULem0duFCLdcIcTZolMvcDu3iPXGHthMtKl
uT0PEqlOjn8ZlKh1HBiIBRHLESdEYM/lt58I92xwLXR7wxT38bMMJCfval1P3nTl
dQIDAQAB
-----END PUBLIC KEY-----
`;

log("payload_str", payload_str);

// encode and decode
const encmsg = crypto_privateEncrypt(private_key, payload_str, "hex");
log("encmsg", encmsg);
const decmsg = crypto_publicDecrypt(public_key, encmsg, "hex");
log("decmsg", decmsg);

// sign and verify
const sign_sig = crypto_sign(algorithm, private_key, payload_str, "hex");
log("sign_sig", sign_sig);

const verify_sig = crypto_verify(algorithm, public_key, payload_str, sign_sig, "hex");
log("verify_sig", verify_sig ? "WORKS" : "FAILURE");

// Create a hash from the payload and decrypt the signature
const hash = crypto_createHash(algorithm, payload_str, "hex");
log("hash", hash);
const dec_sig = crypto_publicDecrypt(public_key, sign_sig, "hex", "hex");
log("dec_sig", dec_sig);

Possible algorithms

Possible Values for algorithm

  • DSA
  • DSA-SHA
  • gost-mac
  • streebog512
  • streebog256
  • md_gost94
  • MD4
  • MD5
  • RIPEMD160
  • SHA
  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512
  • ecdsa-with-SHA1
  • streebog256
  • streebog512
  • whirlpool

On a linux shell this list can be requested with the following command:

openssl list-message-digest-algorithms

Since the automator server is kept up to date on LTS Versions it is possible that there are more algorithms available as at the time of creation of this documentation.