Crypto algorithm list

Question

I'm trying to find a list of strings that can be used a a crypto algorithm to fit into this function, replacing SHA256.

crypto.createHmac("SHA256", secret).update(string).digest('base64'),

I've come to the understanding that crypto uses openssl, and that the algorithms are specific to each system running node.js.

With the following commands you can see a list of all algorithms available for your system.

openssl list-cipher-algorithms 
openssl list-cipher-commands 

I've outputted the content of those two commands to this gist.

What bothers me is that SHA256 is not in either of those lists.

I would really like the definitive algorithm list.

Answer 1

The learning here is that ciphers and hashes are different and use different algorithms. With node's crypto use .getCiphers() and .getHashes() methods to return an array with the names of the supported ciphers and hashes respectively.

var crypto = require('crypto')
console.log(crypto.getCiphers())
console.log(crypto.getHashes())

Which logs the following ciphers:

[ 'CAST-cbc',
  'aes-128-cbc',
  'aes-128-cbc-hmac-sha1',
  'aes-128-cfb',
  'aes-128-cfb1',
  'aes-128-cfb8',
  'aes-128-ctr',
  'aes-128-ecb',
  'aes-128-gcm',
  'aes-128-ofb',
  'aes-128-xts',
  'aes-192-cbc',
  'aes-192-cfb',
  'aes-192-cfb1',
  'aes-192-cfb8',
  'aes-192-ctr',
  'aes-192-ecb',
  'aes-192-gcm',
  'aes-192-ofb',
  'aes-256-cbc',
  'aes-256-cbc-hmac-sha1',
  'aes-256-cfb',
  'aes-256-cfb1',
  'aes-256-cfb8',
  'aes-256-ctr',
  'aes-256-ecb',
  'aes-256-gcm',
  'aes-256-ofb',
  'aes-256-xts',
  'aes128',
  'aes192',
  'aes256',
  'bf',
  'bf-cbc',
  'bf-cfb',
  'bf-ecb',
  'bf-ofb',
  'blowfish',
  'camellia-128-cbc',
  'camellia-128-cfb',
  'camellia-128-cfb1',
  'camellia-128-cfb8',
  'camellia-128-ecb',
  'camellia-128-ofb',
  'camellia-192-cbc',
  'camellia-192-cfb',
  'camellia-192-cfb1',
  'camellia-192-cfb8',
  'camellia-192-ecb',
  'camellia-192-ofb',
  'camellia-256-cbc',
  'camellia-256-cfb',
  'camellia-256-cfb1',
  'camellia-256-cfb8',
  'camellia-256-ecb',
  'camellia-256-ofb',
  'camellia128',
  'camellia192',
  'camellia256',
  'cast',
  'cast-cbc',
  'cast5-cbc',
  'cast5-cfb',
  'cast5-ecb',
  'cast5-ofb',
  'des',
  'des-cbc',
  'des-cfb',
  'des-cfb1',
  'des-cfb8',
  'des-ecb',
  'des-ede',
  'des-ede-cbc',
  'des-ede-cfb',
  'des-ede-ofb',
  'des-ede3',
  'des-ede3-cbc',
  'des-ede3-cfb',
  'des-ede3-cfb1',
  'des-ede3-cfb8',
  'des-ede3-ofb',
  'des-ofb',
  'des3',
  'desx',
  'desx-cbc',
  'id-aes128-GCM',
  'id-aes192-GCM',
  'id-aes256-GCM',
  'idea',
  'idea-cbc',
  'idea-cfb',
  'idea-ecb',
  'idea-ofb',
  'rc2',
  'rc2-40-cbc',
  'rc2-64-cbc',
  'rc2-cbc',
  'rc2-cfb',
  'rc2-ecb',
  'rc2-ofb',
  'rc4',
  'rc4-40',
  'rc4-hmac-md5',
  'seed',
  'seed-cbc',
  'seed-cfb',
  'seed-ecb',
  'seed-ofb' ]

And the following hashes:

[ 'DSA',
  'DSA-SHA',
  'DSA-SHA1',
  'DSA-SHA1-old',
  'RSA-MD4',
  'RSA-MD5',
  'RSA-MDC2',
  'RSA-RIPEMD160',
  'RSA-SHA',
  'RSA-SHA1',
  'RSA-SHA1-2',
  'RSA-SHA224',
  'RSA-SHA256',
  'RSA-SHA384',
  'RSA-SHA512',
  'dsaEncryption',
  'dsaWithSHA',
  'dsaWithSHA1',
  'dss1',
  'ecdsa-with-SHA1',
  'md4',
  'md4WithRSAEncryption',
  'md5',
  'md5WithRSAEncryption',
  'mdc2',
  'mdc2WithRSA',
  'ripemd',
  'ripemd160',
  'ripemd160WithRSA',
  'rmd160',
  'sha',
  'sha1',
  'sha1WithRSAEncryption',
  'sha224',
  'sha224WithRSAEncryption',
  'sha256',
  'sha256WithRSAEncryption',
  'sha384',
  'sha384WithRSAEncryption',
  'sha512',
  'sha512WithRSAEncryption',
  'shaWithRSAEncryption',
  'ssl2-md5',
  'ssl3-md5',
  'ssl3-sha1',
  'whirlpool' ]

Here's my settings:

• openssl version is OpenSSL 0.9.8zg 14 July 2015
• node --version is v0.12.4

Answer 2

The openssl docs have a page listing all valid cipher strings: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

Answer 3

SHA-256 is not a cipher, it is a hash algorithm. That is probably why you didn't find it in a list of ciphers. The same goes for MD5 and all the various SHA algorithms.

Indeed, a hash algorithm is exactly what you need for HMAC. If you want to construct a MAC based on a block cipher, you'll need to use some other construction, such as OMAC/CMAC, PMAC or CBC-MAC.

Answer 4

CAST-cbc
aes-128-cbc

aes-128-cbc-hmac-sha1

aes-128-cfb

aes-128-cfb1

aes-128-cfb8

aes-128-ctr

aes-128-ecb

aes-128-gcm

aes-128-ofb

aes-128-xts

aes-192-cbc

aes-192-cfb

aes-192-cfb1

aes-192-cfb8

aes-192-ctr

aes-192-ecb

aes-192-gcm

aes-192-ofb

aes-256-cbc

aes-256-cbc-hmac-sha1

aes-256-cfb

aes-256-cfb1

aes-256-cfb8

aes-256-ctr

aes-256-ecb

aes-256-gcm

aes-256-ofb

aes-256-xts

aes128

aes192

aes256

bf

bf-cbc

bf-cfb

bf-ecb

bf-ofb

blowfish

camellia-128-cbc

camellia-128-cfb

camellia-128-cfb1

camellia-128-cfb8

camellia-128-ecb

camellia-128-ofb

camellia-192-cbc

camellia-192-cfb

camellia-192-cfb1

camellia-192-cfb8

camellia-192-ecb

camellia-192-ofb

camellia-256-cbc

camellia-256-cfb

camellia-256-cfb1

camellia-256-cfb8

camellia-256-ecb

camellia-256-ofb

camellia128

camellia192

camellia256

cast

cast-cbc

cast5-cbc

cast5-cfb

cast5-ecb

cast5-ofb

des

des-cbc

des-cfb

des-cfb1

des-cfb8

des-ecb

des-ede

des-ede-cbc

des-ede-cfb

des-ede-ofb

des-ede3

des-ede3-cbc

des-ede3-cfb

des-ede3-cfb1

des-ede3-cfb8

des-ede3-ofb

des-ofb

des3

desx

desx-cbc

id-aes128-GCM

id-aes192-GCM

id-aes256-GCM

idea

idea-cbc

idea-cfb

idea-ecb

idea-ofb

rc2

rc2-40-cbc

rc2-64-cbc

rc2-cbc

rc2-cfb

rc2-ecb

rc2-ofb

rc4

rc4-40

rc4-hmac-md5

seed

seed-cbc

seed-cfb

seed-ecb

seed-ofb

Answer 5

I checked all of the cipher strings and everything in my gist and these are the only algo's that work with cipher to create a HMAC.

MD5
SHA
SHA1
SHA256
SHA384