Hướng dẫn hmac algorithm in javascript
[TL;DR] I will easily introduce MAC and HMAC concepts and provide very simple JavaScript sample code that you will be even able to use in your browser console. Show MAC stands for Message Authentication Code, and it also known as tag, and in communications sometimes is substituted by MIC or message integrity code. What is a MAC for?From a general point of view, a MAC is a piece of information that protects a message by:
This is specially important when the message has to travel through unsecured channels. Specific use cases will be listed below. How does MAC work?
Requisites for a secure message authentication codeIt must resist an adversary’s attempt to forge tags for arbitrary, selected or all messages, including under conditions of known- or chosen-message. That is, it must resist the forgery of digital signature. It should be computationally infeasible to compute a valid tag of the given message without knowledge of the key. HMACHMAC (hash-based message authentication code) is a particular type of message authentication code (MAC). As with any MAC, the hash function can be used for both verifying data integrity and authentication of the message. The hash function name is used to term the different MAC functions with the pattern HMAC-X, for example HMAC-SHA256 or HMAC-SHA3–512. JavaScript exampleOpen your browser dev tools to try the following snippets on the console. These snippets should work also with Node.js. This function implements the HMAC-SHA256 version: async function hmacSha256Hex(secret, message) { Using this function is as simple as the following: await hmacSha256Hex( In the previous example, mapping to the MAC explanation, we have that key K has the value “key”, the message M has the value “The quick brown fox jumps over the lazy dog” and the tag T has the value “f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8”. Usage scenarios for HMACSo by now, you should understand how HMAC works — if not, please tell me in the comments which is the obscure part so I can improve it. You may wonder which are particular scenarios for this technology. Well, here are a few of them that will help you when you face different challenges:
|