CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-crypto-js

JavaScript library of crypto standards providing comprehensive cryptographic algorithms including hashing, encryption, HMAC, and encoding utilities.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

hmac.mddocs/

HMAC Authentication

Hash-based Message Authentication Code (HMAC) functions for message authentication and integrity verification. HMAC combines a cryptographic hash function with a secret key to provide authentication and protect against tampering.

Capabilities

HMAC-MD5

HMAC using MD5 hash function (not recommended for security-critical applications).

/**
 * Computes HMAC using MD5 hash function
 * @param message - String or WordArray message to authenticate
 * @param key - String or WordArray secret key
 * @returns WordArray containing the HMAC
 */
CryptoJS.HmacMD5(message, key)

HMAC-SHA1

HMAC using SHA-1 hash function (deprecated for security-critical applications).

/**
 * Computes HMAC using SHA-1 hash function
 * @param message - String or WordArray message to authenticate
 * @param key - String or WordArray secret key
 * @returns WordArray containing the HMAC
 */
CryptoJS.HmacSHA1(message, key)

Usage Example:

var CryptoJS = require("crypto-js");

var message = "Hello World";
var key = "secret-key";

var hmac = CryptoJS.HmacSHA1(message, key);
console.log(hmac.toString()); // hex string
console.log(hmac.toString(CryptoJS.enc.Base64)); // base64 string

HMAC-SHA224

HMAC using SHA-224 hash function.

/**
 * Computes HMAC using SHA-224 hash function
 * @param message - String or WordArray message to authenticate
 * @param key - String or WordArray secret key
 * @returns WordArray containing the HMAC
 */
CryptoJS.HmacSHA224(message, key)

HMAC-SHA256

HMAC using SHA-256 hash function. Recommended for most applications.

/**
 * Computes HMAC using SHA-256 hash function
 * @param message - String or WordArray message to authenticate
 * @param key - String or WordArray secret key
 * @returns WordArray containing the HMAC
 */
CryptoJS.HmacSHA256(message, key)

Usage Example:

var CryptoJS = require("crypto-js");

// API signature verification
var message = "GET /api/users";
var secretKey = "api-secret-key";

var signature = CryptoJS.HmacSHA256(message, secretKey);
console.log("API Signature:", signature.toString());

// Verify signature
function verifySignature(message, key, expectedSignature) {
    var computedSignature = CryptoJS.HmacSHA256(message, key);
    return computedSignature.toString() === expectedSignature;
}

var isValid = verifySignature(message, secretKey, signature.toString());
console.log("Signature valid:", isValid);

HMAC-SHA384

HMAC using SHA-384 hash function.

/**
 * Computes HMAC using SHA-384 hash function
 * @param message - String or WordArray message to authenticate
 * @param key - String or WordArray secret key
 * @returns WordArray containing the HMAC
 */
CryptoJS.HmacSHA384(message, key)

HMAC-SHA512

HMAC using SHA-512 hash function for applications requiring maximum security.

/**
 * Computes HMAC using SHA-512 hash function
 * @param message - String or WordArray message to authenticate
 * @param key - String or WordArray secret key
 * @returns WordArray containing the HMAC
 */
CryptoJS.HmacSHA512(message, key)

Usage Example:

var CryptoJS = require("crypto-js");

// JWT-style token signing
function createToken(payload, secret) {
    var header = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse('{"alg":"HS512","typ":"JWT"}'));
    var payloadStr = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(JSON.stringify(payload)));
    var message = header + "." + payloadStr;
    
    var signature = CryptoJS.HmacSHA512(message, secret);
    return message + "." + signature.toString(CryptoJS.enc.Base64);
}

var token = createToken({userId: 123, exp: Date.now() + 86400000}, "jwt-secret");
console.log("JWT Token:", token);

HMAC-SHA3

HMAC using SHA-3 (Keccak) hash function.

/**
 * Computes HMAC using SHA-3 hash function
 * @param message - String or WordArray message to authenticate
 * @param key - String or WordArray secret key
 * @returns WordArray containing the HMAC
 */
CryptoJS.HmacSHA3(message, key)

HMAC-RIPEMD160

HMAC using RIPEMD-160 hash function.

/**
 * Computes HMAC using RIPEMD-160 hash function
 * @param message - String or WordArray message to authenticate
 * @param key - String or WordArray secret key
 * @returns WordArray containing the HMAC
 */
CryptoJS.HmacRIPEMD160(message, key)

Common HMAC Patterns

API Request Signing

var CryptoJS = require("crypto-js");

function signApiRequest(method, path, body, timestamp, secretKey) {
    // Create string to sign
    var stringToSign = method + "\n" + path + "\n" + body + "\n" + timestamp;
    
    // Generate HMAC signature
    var signature = CryptoJS.HmacSHA256(stringToSign, secretKey);
    
    return {
        signature: signature.toString(),
        timestamp: timestamp
    };
}

// Usage
var signature = signApiRequest("POST", "/api/data", '{"key":"value"}', Date.now(), "secret");
console.log("Authorization: HMAC-SHA256 " + signature.signature);

Message Integrity Verification

var CryptoJS = require("crypto-js");

function createMessage(data, key) {
    var message = JSON.stringify(data);
    var hmac = CryptoJS.HmacSHA256(message, key);
    
    return {
        data: data,
        hmac: hmac.toString()
    };
}

function verifyMessage(messageObj, key) {
    var expectedHmac = CryptoJS.HmacSHA256(JSON.stringify(messageObj.data), key);
    return expectedHmac.toString() === messageObj.hmac;
}

// Usage
var key = "integrity-key";
var secureMessage = createMessage({id: 1, value: "important data"}, key);
var isValid = verifyMessage(secureMessage, key);
console.log("Message integrity:", isValid ? "verified" : "compromised");

Progressive HMAC Computation

var CryptoJS = require("crypto-js");

// For large messages or streaming data
var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, "secret-key");
hmac.update("First part of message");
hmac.update("Second part of message");
hmac.update("Final part of message");

var result = hmac.finalize();
console.log("Progressive HMAC:", result.toString());

// Equivalent to:
var directHmac = CryptoJS.HmacSHA256("First part of messageSecond part of messageFinal part of message", "secret-key");
console.log("Direct HMAC:", directHmac.toString());
console.log("Results match:", result.toString() === directHmac.toString());

Key Derivation for HMAC

var CryptoJS = require("crypto-js");

// Derive HMAC key from password
function deriveHmacKey(password, salt) {
    return CryptoJS.PBKDF2(password, salt, {
        keySize: 256/32,  // 256-bit key
        iterations: 10000
    });
}

// Usage with derived key
var password = "user-password";
var salt = CryptoJS.lib.WordArray.random(128/8);
var derivedKey = deriveHmacKey(password, salt);

var message = "Authenticated message";
var hmac = CryptoJS.HmacSHA256(message, derivedKey);

console.log("Salt:", salt.toString());
console.log("HMAC with derived key:", hmac.toString());

Types

// HMAC Algorithm Interface
HMAC {
  init(hasher, key): HMAC;        // Initialize with hasher and key
  update(messageUpdate): HMAC;    // Add data to HMAC computation
  finalize(messageUpdate?): WordArray; // Compute final HMAC
  reset(): void;                  // Reset HMAC state
  clone(): HMAC;                  // Clone HMAC instance
}

// All HMAC functions return WordArray with these methods:
WordArray {
  toString(encoder?): string;     // Convert to string (hex by default)
  words: number[];                // Raw 32-bit word array
  sigBytes: number;              // Significant bytes count
}

Install with Tessl CLI

npx tessl i tessl/npm-crypto-js

docs

cipher-config.md

encoding.md

encryption.md

hash-functions.md

hmac.md

index.md

key-derivation.md

tile.json