typescript crypto-js how to hash data using sha256 algorithm and key

2

15

I am using typescript version 3.7.2 to encrypt data using crypto-js.

Algorithm - sha256

But my code is generating the wrong hashed data.

The code works fine when hashing data without a key, like

    CryptoJS.SHA256(message).toString(CryptoJS.enc.Hex)

But when I use a key, the hashing is wrong.

Here is the full code. Hope you can help. Thank you in advance

    import CryptoJS from 'crypto-js';

    const secret = '<your key secret>'; // secret is some key (placeholder)

    let order_id = 'order_EFph1itQK4z1NQ';
    let payment_id = 'pay_EFph2XRs3vkaB8';

    let generated_signature = CryptoJS.SHA256(order_id + "|" + payment_id, secret).toString(CryptoJS.enc.Hex);

value of generated signature (our end)

1a45e3be48f64911d372bcccd9c4dbe7dca9dab716603e4e80c2e55f701bde7a

The hash value to compare with(sent by payment gateway)

e236e8fe62c54546b85dede32c432d4c73c27157840a8ba67cfc09270b53064a

The hash value generated by online website https://www.freeformatter.com/hmac-generator.html#ad-output

e236e8fe62c54546b85dede32c432d4c73c27157840a8ba67cfc09270b53064a

i.e. the hash values generated by the online website and sent by the payment gateway match, which means there is something wrong with our code. Thank you

Act answered 12/2, 2020 at 10:21 Comment(0)
9

You are expecting to compute a SHA256 HMAC, but you are actually computing the SHA256 hash of the message order_id + "|" + payment_id. The secret argument passed to the SHA256 function is ignored.

Replace CryptoJS.SHA256 with CryptoJS.HmacSHA256 and your code will work as expected.

Collazo answered 12/2, 2020 at 13:17 Comment(5)
It just ignores the 2nd argument. In JS you are allowed to pass additional arguments even if the function doesn't declare them. SHA256 is an algorithm that only takes 1 argument - the message to hash. - Collazo

I'm not familiar with the library you're using. I noticed that it doesn't provide type declarations by itself, so it's possible that @types/crypto-js is out of sync with the most recent version of the library. - Collazo

The official docs don't mention the 2nd argument for any of the hashing functions: cryptojs.gitbook.io/docs/#hashing - Collazo

OK, I thought I saw an example where indeed a second parameter for SHA256 was used, but I cannot find it anymore. Probably just confirmation bias from my side. I didn't know that JS simply ignored additional parameters (or forgot about it). Anyway, if you find such an example: use HMAC directly! There is more to HMAC than just SHA-256. - Halvorsen

@Collazo how do I solve the problem that you have mentioned, that @types/crypto-js is out of sync? - Act
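
The fix from the answer above, as an added example that is not part of the original thread: it uses Node's built-in `crypto` module instead of crypto-js so it runs without dependencies, and it compares the gateway's signature in constant time. The secret value and the function names are constructed for illustration; only the two ids come from the question.

```typescript
import { createHash, createHmac, timingSafeEqual } from 'crypto';

// Constructed sample key; the real one is the secret issued by the gateway.
const SAMPLE_SECRET = 'constructed-test-secret';

// Plain SHA-256 has no key input, so anyone who knows the message can
// recompute it. This is what the question's code ended up calculating.
function plainSha256Hex(message: string): string {
  return createHash('sha256').update(message, 'utf8').digest('hex');
}

// HMAC-SHA256 mixes the key into the computation; only a holder of the
// secret can produce a matching tag.
function hmacSha256Hex(message: string, secret: string): string {
  return createHmac('sha256', secret).update(message, 'utf8').digest('hex');
}

// Check a gateway-supplied signature over "order_id|payment_id".
function verifySignature(orderId: string, paymentId: string,
                         receivedHex: string, secret: string): boolean {
  // Require exactly 64 hex characters first: Buffer.from(x, 'hex') stops
  // silently at the first invalid character instead of failing.
  if (!/^[0-9a-f]{64}$/i.test(receivedHex)) return false;
  const expected = Buffer.from(hmacSha256Hex(`${orderId}|${paymentId}`, secret), 'hex');
  const received = Buffer.from(receivedHex, 'hex');
  // Constant-time comparison; both buffers are 32 bytes at this point.
  return timingSafeEqual(expected, received);
}

function demo(): void {
  const orderId = 'order_EFph1itQK4z1NQ';   // ids taken from the question
  const paymentId = 'pay_EFph2XRs3vkaB8';
  const fromGateway = hmacSha256Hex(`${orderId}|${paymentId}`, SAMPLE_SECRET);
  console.log('HMAC accepted:', verifySignature(orderId, paymentId, fromGateway, SAMPLE_SECRET));
  console.log('plain SHA-256 accepted:',
    verifySignature(orderId, paymentId, plainSha256Hex(`${orderId}|${paymentId}`), SAMPLE_SECRET));
}

demo();
```
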
3

Try this.

    import * as CryptoJS from 'crypto-js';

    // Plain SHA-256 of `data`, which is parsed as a hex string; no key is involved.
    function _hash(data: string): string {
        return CryptoJS.SHA256(CryptoJS.enc.Hex.parse(data)).toString(CryptoJS.enc.Hex);
    }

Maidamaidan answered 11/7, 2023 at 13:35 Comment(1)
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. - Eolic