I’ve been in the programming world for quite some time now, and if there’s one thing I can tell you, it’s that data integrity and security are paramount. Today, I’m excited to dive into a topic that’s close to my heart: creating SHA-256 hashes in Node.js. If you’re looking for a way to generate secure and unique identifiers or verify the integrity of data in your Node.js applications, then you’ve hit the jackpot with this blog post. Let’s break it down together, shall we?
Encryption and hashing have served as the foundation for new security modules, among other network security developments. One of the most used hash algorithms is the Secure Hash Algorithm(SHA) with a digest size of 256 bits, or SHA 256. Although there are numerous variations, SHA 256 has been the most often used in practical applications. There are weaker predecessors to SHA3 like MD5, SHA1, SHA2. Interested in knowing the difference between SHA1, SHA2 & SHA3, this will give you a great insight on how SHA has evolved over the years.
SHA 256 is a part of the SHA 2 family of algorithms, where SHA stands for Secure Hash Algorithm. It was a joint effort between the NSA and NIST to introduce a successor to the weaker SHA 1 family. SHA2 was published in 2001 and has been effective ever since.
The hash function generates the same output hash for the same input string. This means that, you can use this string to validate files or text or anything when you pass it across the network or even otherwise. SHA-256 can act as a stamp or for checking if the data is valid or not.
The 256 in the name SHA-256 refers to the final hash digest value, meaning that regardless of the amount of plaintext or cleartext, the hash value will always be 256 bits.
For example –
| Input String | Output Hash |
|---|---|
| hi | 8f434346648f6b96df89dda901c5176b10a6d83961dd3c1ac88b59b2dc327aa4 |
| debugpointer | ce7a00e4bf3e576bceb605c846923a634051ca695ff8a3270af998959e72d265 |
| computer science is amazing! I love it. | a3f2b30d5d6ef9006dd09741aa90d595d8a90666f3fc3c3ae4bf1c1e9a8e3042 |
If you want to generate SHA-256 checksum in JavaScript i.e., client side (browser), please follow this article – Create SHA-256 Hash in JavaScript
Node.js crypto module provides cryptographic functions to help you secure code and data in Node.js. It includes a set of wrappers for OpenSSL’s hash, HMAC, cipher, decipher, sign, and verify functions.
crypto is built into Node.js, so there is not configuration or custom implementation needed.
For creating SHA-256 hash in nodejs script/code, we shall use the default crypto module that comes packaged with nodejs.
Creating SHA-256 Hash of a String
You can either require the crypto module-
const crypto = require("crypto");or also use the modern import to import the crypto module-
import { createHash } from "crypto";import { createHash } from "crypto";
const yourString = "This works";
const hash = createHash("sha256").update(yourString).digest("hex");
console.log(hash);The output of the above script will be an SHA-256 hash when you run the command node index.js in your shell-
e74358db452b245573586b48e96ab3504c019e79fbf15e8572c74370f37579c5Creating SHA-256 Hash of a Password
In case you are looking at creating an SHA-256 hash of a password, which is the most common use-case of hashing, you can use the createHash function and update the password variable and create a hex digest of it.
Here is an example of creating SHA-256 hash of a password variable.
import { createHash } from "crypto";
const password = "Hello@123";
const passhash = createHash("sha256").update(password).digest("hex");
console.log(passhash);The output of the above script will be an SHA-256 hash when you run the command node index.js in your shell-
99f2bdf9942653ab32d9dfa0b43c72c3fbbb9679450fd965c590c224897b848aPasswords can also be SHA-256 hashed in the frontend JavaScript, but, its not advised to do it in the frontend, as your hash is now known to the attacker, eventually leading to a security breach.
The above code just produced SHA256 hash of the string alone, but, to strengthen the security you can also generate SHA256 hash with salt as well.
If you looking to create an SHA-256 hash of a file, please follow the article where we discuss as to how to read a file buffer and create the hash.
Prefer SHA-256 or SHA-512 or other superior cryptographic hash functions for creating a hash for passwords, integrity verification.
It’s as simple as that! You do not need any fancy npm library for creating an SHA-256 hash in Node.js.
I’m glad that you found the content useful. And there we have it, folks! We’ve gone through the ins and outs of creating a SHA-256 hash in Node.js together. I sincerely hope you found this walkthrough illuminating. Remember, in this digital age, ensuring the integrity and security of your data is more than just an afterthought—it’s a necessity. With the knowledge you’ve gained here, you’re now equipped to add an extra layer of security to your Node.js applications. As always, don’t hesitate to delve deeper, experiment, and push the boundaries of what you can do with your newfound knowledge. Keep coding and stay curious, my friends! Happy Coding.
