问题
I can make an HMAC using the following:
var encrypt = crypto.createHmac("SHA256", secret).update(string).digest('base64');
I am trying to decrypt an encoded HMAC with the secret:
var decrypt = crypto.createDecipher("SHA256", secret).update(string).final("ascii");
The following was unsuccessful. How can I decrypt a HMAC with the key?
I get the following error:
node-crypto : Unknown cipher SHA256
crypto.js:155
return (new Decipher).init(cipher, password);
^
Error: DecipherInit error
回答1:
HMAC is a MAC/keyed hash, not a cipher. It's not designed to be decrypted. If you want to encrypt something, use a cipher, like AES, preferably in an authenticated mode like AES-GCM.
The only way to "decrypt" is guessing the whole input and then comparing the output.
回答2:
Again to reiterate hashes aren't designed to be decrypted. However once you have a hash you can check any string is equal to that hash by putting it through the same encryption with the same secret.
var crypto = require('crypto')
var secret = 'alpha'
var string = 'bacon'
var hash = crypto.createHmac('SHA256', secret).update(string).digest('base64');
// => 'IbNSH3Lc5ffMHo/wnQuiOD4C0mx5FqDmVMQaAMKFgaQ='
if (hash === crypto.createHmac('SHA256', secret).update(string).digest('base64')) {
console.log('match') // logs => 'match'
} else {
console.log('no match')
}
Seems obvious, but very powerful.
回答3:
As already been stated by CodesInChaos, HMAC with SHA256 can only be used to hash a value, which is a one-way trip only. If you want to be able to encrypt/decrypt you will have to use a cipher, such as aes or des.
Example on how encryption/decryption:
const crypto = require("crypto");
// key and iv
var key = crypto.createHash("sha256").update("OMGCAT!", "ascii").digest();
var iv = "1234567890123456";
// this is the string we want to encrypt/decrypt
var secret = "ermagherd";
console.log("Initial: %s", secret);
// create a aes256 cipher based on our password
var cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
// update the cipher with our secret string
cipher.update(secret, "ascii");
// save the encryption as base64-encoded
var encrypted = cipher.final("base64");
console.log("Encrypted: %s", encrypted);
// create a aes267 decipher based on our password
var decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
// update the decipher with our encrypted string
decipher.update(encrypted, "base64");
console.log("Decrypted: %s", decipher.final("ascii"));
Note: You have to save the cipher/decipher into their own variable, and also make sure not to chain .final after .update.
If you want to know what ciphers are available on your system, use the following command:
openssl list-cipher-algorithm
回答4:
Clean-up of code for a Minimalist View and removal of clutter: note: IIFE runnable in node repl "As Is"
!function(){
const crypto = require("crypto");
// key
var key = crypto.createHash("sha256").digest();
// this is the string we want to encrypt/decrypt
var secret = "ermagherd";
console.log("Initial: %s", secret);
// create a aes256 cipher based on our password
var cipher = crypto.createCipher("aes-256-cbc", key);
// update the cipher with our secret string
cipher.update(secret);
// save the encryption
var encrypted = cipher.final();
console.log("Encrypted: %s", encrypted);
// create a aes267 decipher based on our password
var decipher = crypto.createDecipher("aes-256-cbc", key);
// update the decipher with our encrypted string
decipher.update(encrypted);
console.log("Decrypted: %s", decipher.final()); //default is utf8 encoding final("utf8") not needed for default
}()
/* REPL Output
Initial: ermagherd
Encrypted: T)��l��Ʀ��,�'
Decrypted: ermagherd
true
*/
来源:https://stackoverflow.com/questions/14218925/how-can-i-decrypt-a-hmac