ktonon / elm-crypto / Crypto.HMAC

Compute HMAC SHA message digests.

digest : Hash -> Key -> Message -> String

HMAC digest using UTF-8 strings as input.

Outputs bytes encoded as a hexadecimal string. Prefer this function when your key and message are UTF-8 encoded strings.

Crypto.HMAC.digest sha256 "key" "The quick brown fox jumps over the lazy dog"
--> "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"

Crypto.HMAC.digest sha512 "key" "I ❤ cheese"
--> "a885c96140f95cb0b326306edfba49afbb5d38d3a7ed6ccfd67153429cbd3c56d0c514fcaa53b710bb7ba6cc0dfedfdb4d53795acbeb48eb23aa93e5ce9760dd"


type alias Key =
String

Secret key


type alias Message =
String

Message to be hashed

Input and Output as Bytes

digestBytes : Hash -> KeyBytes -> MessageBytes -> List Basics.Int

HMAC digest using raw bytes as input and output.

Prefer digest when your key and message are UTF-8 strings. This function (digestBytes) is unsafe, in that it does not ensure each Int fits into an 8-bit value.

Prefer digestBytes when you need to chain digests. That is, to use the output of a digest as the input (either key or message) to another digest.

See the AWS Signature V4 Example for an explanation of the following algorithm:

import Word.Bytes as Bytes
import Word.Hex as Hex

let
    digest =
        \message key ->
            Crypto.HMAC.digestBytes sha256
                key
                (Bytes.fromUTF8 message)
in
("AWS4" ++ "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY")
    |> Bytes.fromUTF8
    |> digest "20150830"
    |> digest "us-east-1"
    |> digest "service"
    |> digest "aws4_request"
    |> digest "AWS4-HMAC-SHA256\n20150830T123600Z\n20150830/us-east-1/service/aws4_request\n816cd5b414d056048ba4f7c5386d6e0533120fb1fcfa93762cf0fc39e2cf19e0"
    |> Hex.fromByteList
--> "b97d918cfa904a5beff61c982a1b6f458b799221646efd99d3219ec94cdf2500"


type alias KeyBytes =
List Basics.Int

Secret key, as a list of bytes.

You must ensure each Int is an 8-bit value.


type alias MessageBytes =
List Basics.Int

Message to be hashed, as a list of bytes.

You must ensure each Int is an 8-bit value.

Hash Algorithms


type Hash

Type of hash algorithm.

sha224 : Hash

Use SHA224 as the hash algorithm.

sha256 : Hash

Use SHA256 as the hash algorithm.

sha384 : Hash

Use SHA384 as the hash algorithm.

sha512 : Hash

Use SHA512 as the hash algorithm.

sha512_224 : Hash

Use SHA512/224 as the hash algorithm.

sha512_256 : Hash

Use SHA512/256 as the hash algorithm.