暂时假设这是在浏览器扩展程序中完成或本地运行。我的使用案例是,我想要使用 HMAC(key, data) 用一个密码密钥对一些数据进行哈希处理。但是密钥是随机位,不是文本或其他可读格式。我认为最好的方法是将密钥转换为十六进制或base64格式,然后输入到哈希函数中。
有一个JavaScript库可以实现这个功能,那就是jsSHA。它可以接受16进制、base64和文本类型的输入作为密钥和文本。不幸的是,该库只支持当前的SHA算法,而我需要一些不同的算法,如SHA3或Skein。
我研究过使用CryptoJS和jsDigest,但似乎它们不允许使用16进制或base64格式的输入,只能是文本。
https://code.google.com/p/crypto-js/
https://github.com/coiscir/jsdigest
有没有其他的库可以使用十六进制/base64输入来进行HMAC计算?
以上这些库是否可以轻松修改以允许使用十六进制/base64输入?
更新
正如@owlstead提到的那样,您确实可以使用CryptoJS来加载十六进制/base64作为输入。我已添加了一些测试,使用十六进制/文本中的所有密钥/消息组合。
// Test CryptoJS
// CryptoJS.HmacSHA512("Message", "Secret Passphrase");
var wordsKey = CryptoJS.enc.Hex.parse('001122334455');
var wordsMsg = CryptoJS.enc.Hex.parse('aabbccddeeff');
var hash = CryptoJS.HmacSHA512(wordsMsg, wordsKey);
var output = hash.toString(CryptoJS.enc.Hex);
console.log('CryptoJS hex msg and hex key ' + output);
var wordsKey = CryptoJS.enc.Hex.parse('001122334455');
var wordsMsg = CryptoJS.enc.Latin1.parse('aabbccddeeff'); // or simply use string 'aabbccddeeff'
var hash = CryptoJS.HmacSHA512(wordsMsg, wordsKey);
var output = hash.toString(CryptoJS.enc.Hex);
console.log('CryptoJS text msg and hex key ' + output);
var wordsKey = CryptoJS.enc.Latin1.parse('001122334455'); // or simply use string '001122334455'
var wordsMsg = CryptoJS.enc.Hex.parse('aabbccddeeff');
var hash = CryptoJS.HmacSHA512(wordsMsg, wordsKey);
var output = hash.toString(CryptoJS.enc.Hex);
console.log('CryptoJS hex msg and text key ' + output);
var wordsKey = CryptoJS.enc.Latin1.parse('001122334455'); // or simply use string '001122334455'
var wordsMsg = CryptoJS.enc.Latin1.parse('aabbccddeeff');
var hash = CryptoJS.HmacSHA512(wordsMsg, wordsKey);
var output = hash.toString(CryptoJS.enc.Hex);
console.log('CryptoJS text msg and text key ' + output);
// Test jsSHA
// jsSHA(srcString, inputFormat)
// getHMAC(key, inputFormat, variant, outputFormat)
var shaObj = new jsSHA("aabbccddeeff", "HEX");
var hmac = shaObj.getHMAC("001122334455", "HEX", "SHA-512", "HEX");
console.log('jsSHA hex msg and hex key ' + hmac);
var shaObj = new jsSHA("aabbccddeeff", "TEXT");
var hmac = shaObj.getHMAC("001122334455", "HEX", "SHA-512", "HEX");
console.log('jsSHA text msg and hex key ' + hmac);
var shaObj = new jsSHA("aabbccddeeff", "HEX");
var hmac = shaObj.getHMAC("001122334455", "TEXT", "SHA-512", "HEX");
console.log('jsSHA hex msg and text key ' + hmac);
var shaObj = new jsSHA("aabbccddeeff", "TEXT");
var hmac = shaObj.getHMAC("001122334455", "TEXT", "SHA-512", "HEX");
console.log('jsSHA text msg and text key ' + hmac);
// Test PHP hash_hmac
// string hash_hmac( string $algo , string $data , string $key)
echo 'PHP hash_hmac hex msg and hex key ' . hash_hmac('sha512', "\xaa\xbb\xcc\xdd\xee\xff", "\x00\x11\x22\x33\x44\x55") . '<br>';
echo 'PHP hash_hmac text msg and hex key ' . hash_hmac('sha512', "aabbccddeeff", "\x00\x11\x22\x33\x44\x55") . '<br>';
echo 'PHP hash_hmac hex msg and text key ' . hash_hmac('sha512', "\xaa\xbb\xcc\xdd\xee\xff", "001122334455") . '<br>';
echo 'PHP hash_hmac text msg and text key ' . hash_hmac('sha512', "aabbccddeeff", "001122334455") . '<br>';
输出结果如下:
CryptoJS hex msg and hex key 61980b30fed7674f4afae84e32e04d651e8e4b98eb48fde99e9779bb3af6072e56c0b75bb6356fe7bb9d2702d1c4b59eefc987449e8c6275549a6140338be4dd
CryptoJS text msg and hex key afd32064dea61ce40d6f3ccebe9c05d094115f8269c5df7909bc98ccaf43103e1e114ac5b32bb3ebbffa70877992de8814573a6a1b2f3de78bcd17e5807b761d
CryptoJS hex msg and text key 2bc3457beeff6a78d0314d4c3fe7bfa8b185680ececd4573f6d966ade44747d8ac59b75269d034970766aec5265b7fef73d55271f38f62e083f541ca0d679d50
CryptoJS text msg and text key 21ed161ce382581dca99ea41cf8858aa13244eb7edb48ca4cd877b7c925daaf88e70de1339e16bf63c154f6f98a28bdeab6df9a4a69625cba34008368149e22b
jsSHA hex msg and hex key 61980b30fed7674f4afae84e32e04d651e8e4b98eb48fde99e9779bb3af6072e56c0b75bb6356fe7bb9d2702d1c4b59eefc987449e8c6275549a6140338be4dd
jsSHA text msg and hex key afd32064dea61ce40d6f3ccebe9c05d094115f8269c5df7909bc98ccaf43103e1e114ac5b32bb3ebbffa70877992de8814573a6a1b2f3de78bcd17e5807b761d
jsSHA hex msg and text key 2bc3457beeff6a78d0314d4c3fe7bfa8b185680ececd4573f6d966ade44747d8ac59b75269d034970766aec5265b7fef73d55271f38f62e083f541ca0d679d50
jsSHA text msg and text key 21ed161ce382581dca99ea41cf8858aa13244eb7edb48ca4cd877b7c925daaf88e70de1339e16bf63c154f6f98a28bdeab6df9a4a69625cba34008368149e22b
PHP hash_hmac hex msg and hex key 61980b30fed7674f4afae84e32e04d651e8e4b98eb48fde99e9779bb3af6072e56c0b75bb6356fe7bb9d2702d1c4b59eefc987449e8c6275549a6140338be4dd
PHP hash_hmac text msg and hex key afd32064dea61ce40d6f3ccebe9c05d094115f8269c5df7909bc98ccaf43103e1e114ac5b32bb3ebbffa70877992de8814573a6a1b2f3de78bcd17e5807b761d
PHP hash_hmac hex msg and text key 2bc3457beeff6a78d0314d4c3fe7bfa8b185680ececd4573f6d966ade44747d8ac59b75269d034970766aec5265b7fef73d55271f38f62e083f541ca0d679d50
PHP hash_hmac text msg and text key 21ed161ce382581dca99ea41cf8858aa13244eb7edb48ca4cd877b7c925daaf88e70de1339e16bf63c154f6f98a28bdeab6df9a4a69625cba34008368149e22b
一切看起来都是合法的。