How can I implement HMAC Hash-based Message Authentication Code to verify the integrity of sensitive messages in Node js

Question

I need to ensure the integrity and authenticity of sensitive messages in my Node.js application by using HMAC. I understand HMAC can add a layer of security to messages, but I’m not sure how to set it up correctly in Node.

Could someone provide an example of implementing HMAC in Node.js, especially focusing on choosing a secure hashing algorithm and key management? Any best practices would be helpful.

CaLLmeDaDDY · Answer 1 · Nov 6

To securely verify the integrity of messages using HMAC (Hash-based Message Authentication Code) in Node.js, both the sender and receiver need to share a secret key and the original data. The HMAC process ensures that the data hasn't been altered and is authentic.

Steps for Implementing HMAC in Node.js

1. Sender Side (Creating the HMAC)

The sender uses the shared secret key and the data to generate the HMAC. This is done using Node.js's crypto.createHmac() method.

const crypto = require('crypto');

const secret = 'abcdefg'; // The shared secret key
const message = 'I love cupcakes'; // The data to be authenticated

// Create the HMAC using SHA-256 (or any secure hash function)
const hash = crypto.createHmac('sha256', secret)
               .update(message)
               .digest('hex'); // Digest the HMAC as a hexadecimal string

console.log('Generated HMAC:', hash); // This HMAC will be sent with the message

2. Receiver Side (Verifying the HMAC): The receiver verifies the integrity of the received data by recalculating the HMAC with the same secret key and data. If the hashes match, it confirms that the data has not been tampered with.

const receivedHmac = 'received-hmac-from-sender'; // The HMAC received from the sender
const receivedMessage = 'I love cupcakes'; // The received message

// Recalculate the HMAC using the same secret and data
const calculatedHmac = crypto.createHmac('sha256', secret)
                               .update(receivedMessage)
                               .digest('hex');

// Compare the calculated HMAC with the received one
if (calculatedHmac === receivedHmac) {
  console.log('Message integrity verified');
} else {
  console.log('Message integrity check failed');
}

How can I implement HMAC Hash-based Message Authentication Code to verify the integrity of sensitive messages in Node js

Your comment on this question:

1 answer to this question.

Your answer

Your comment on this answer:

Related Questions In Cyber Security & Ethical Hacking

What are the current and correct repositories for ParrotSec OS, and how do i set them so that I can upgrade to the newest ParrotSec OS in VMware Workstation15?

What is the role of WHOIS data in DNS footprinting and how can I automate retrieval?

How can I implement basic input validation in Java to prevent common web vulnerabilities?

What is the role of DNSSEC in footprinting, and how can I query it programmatically?

How do you decrypt a ROT13 encryption on the terminal itself?

How does the LIMIT clause in SQL queries lead to injection attacks?

Is it safe to use string concatenation for dynamic SQL queries in Python with psycopg2?

How can I use Python for web scraping to gather information during reconnaissance?

How can I securely implement AES-256-CBC encryption in Node.js using the crypto module, ensuring proper key and IV management?

How can I implement protection against brute force login attacks using Node.js and Redis to temporarily block users after repeated failed attempts?

Subscribe to our Newsletter, and get personalized recommendations.

TRENDING CERTIFICATION COURSES

TRENDING MASTERS COURSES

COMPANY

WORK WITH US

DOWNLOAD APP

CATEGORIES

CATEGORIES

TRENDING BLOG ARTICLES

TRENDING BLOG ARTICLES