Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
jsSHA implements the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC
jsSHA is a JavaScript library that provides various cryptographic hash functions and HMAC (Hash-based Message Authentication Code) functionalities. It supports a wide range of hash algorithms including SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, and SHAKE128/256.
Hashing
This feature allows you to create a hash of a given input text using various algorithms. In this example, SHA-256 is used to hash the input text 'This is my input text' and the result is output in hexadecimal format.
const jsSHA = require('jssha');
const shaObj = new jsSHA('SHA-256', 'TEXT');
shaObj.update('This is my input text');
const hash = shaObj.getHash('HEX');
console.log(hash);
HMAC
This feature allows you to create an HMAC using a specified key and input text. In this example, SHA-256 is used to create an HMAC for the input text 'This is my input text' with the key 'my-secret-key', and the result is output in hexadecimal format.
const jsSHA = require('jssha');
const shaObj = new jsSHA('SHA-256', 'TEXT');
shaObj.setHMACKey('my-secret-key', 'TEXT');
shaObj.update('This is my input text');
const hmac = shaObj.getHMAC('HEX');
console.log(hmac);
SHAKE
This feature allows you to use the SHAKE (Secure Hash Algorithm Keccak) function, which is a variable-length hash function. In this example, SHAKE128 is used with an output length of 256 bits to hash the input text 'This is my input text', and the result is output in hexadecimal format.
const jsSHA = require('jssha');
const shaObj = new jsSHA('SHAKE128', 'TEXT', {shakeLen: 256});
shaObj.update('This is my input text');
const shake = shaObj.getHash('HEX');
console.log(shake);
crypto-js is a widely-used library that provides a variety of cryptographic algorithms including MD5, SHA-1, SHA-256, and more. It is similar to jsSHA in terms of hashing capabilities but also includes additional features like encryption and decryption using AES, DES, and other algorithms.
hash.js is a library that provides a simple and efficient way to compute hash digests using various algorithms like SHA-1, SHA-256, SHA-512, and more. It is similar to jsSHA but focuses solely on hashing without HMAC or other cryptographic functionalities.
node-forge is a comprehensive library that provides a wide range of cryptographic functionalities including hashing, HMAC, encryption, and digital signatures. It is more feature-rich compared to jsSHA, offering additional capabilities like PKI (Public Key Infrastructure) and TLS (Transport Layer Security) support.
A pure TypeScript/JavaScript streaming implementation of the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC.
More complete documentation can be found on the jsSHA Wiki but below are common use-cases.
Include the desired JavaScript file (sha.js, sha1.js, sha256.js, sha512.js, or sha3.js) in your header:
<script type="text/javascript" src="/path/to/sha.js"></script>
jsSHA is available through NPM and be installed by simply doing
npm install jssha
To use the module, first require it using:
const jsSHA = require("jssha");
/* The limited variant files are also exported (sha1, sha256, sha512, and sha3)
* using conditional subpath exports in Node.js v13+ or using --experimental-modules
* in v12 */
const jsSHA1 = require("jssha/sha1");
/* For Node.js versions that don't support subpath exports, you can do the
* following instead: */
const jsSHA1 = require("jssha/dist/sha1");
/* Alternatively, you can load it as an ESM (Node.js v13+ or using
* --experimental-modules in v12) */
import jsSHA from "jssha";
Instantiate a new jsSHA
object with the desired hash variant, input format,
and options as parameters. The hash variant can be one of SHA-1, SHA-224,
SHA3-224, SHA-256, SHA3-256, SHA-384, SHA3-384, SHA-512, SHA3-512, SHAKE128, or
SHAKE256. The input format can be one of HEX, TEXT, B64, BYTES, ARRAYBUFFER, or
UINT8ARRAY. You can then stream in input using the update
object function,
calling it multiple times if needed. Finally, simply call getHash
with the
output type as a parameter (B64, HEX, BYTES, ARRAYBUFFER, or UINT8ARRAY).
Example to calculate the SHA-512 of "This is a test":
const shaObj = new jsSHA("SHA-512", "TEXT", { encoding: "UTF8" });
/* .update() can be chained */
shaObj.update("This is").update(" a ");
shaObj.update("test");
const hash = shaObj.getHash("HEX");
The constructor takes a hashmap as a optional third argument with defaults
{"encoding" : "UTF8", "numRounds" : 1}
. numRounds
controls the number of
hashing iterations/rounds performed and encoding
specifies the encoding used
to encode TEXT-type inputs. Valid encoding
values are "UTF8", "UTF16BE", and
"UTF16LE".
getHash
also takes a hashmap as an optional second argument with defaults
{"outputUpper" : false, "b64Pad" : "="}
. outputUpper
is only used for "HEX"
outputs and b64Pad
only for "B64" outputs.
Important: SHAKE128 and SHAKE256 require outputLen
to be in the hashmap
where outputLen
is the desired output length of the SHAKE algorithm in a
multiple of 8 bits.
Instantiate a new jsSHA
object similiar to hashing but with the third argument
in the form of { "hmacKey": { "value": VALUE, "format": FORMAT } }
. FORMAT
takes the same values as the input format from hashing and the VALUE is then
either a string
, ArrayBuffer
, or Uint8Array
. You can stream in the input
using the update
object function just like hashing. Finally, get the HMAC by
calling the getHash
function with the output type as its argument. Example to
calculate the SHA-512 HMAC of the string "This is a test" with the key "abc":
const shaObj = new jsSHA("SHA-512", "TEXT", {
hmacKey: { value: "abc", format: "TEXT" },
});
shaObj.update("This is a ");
shaObj.update("test");
const hmac = shaObj.getHash("HEX");
Note: You cannot specify numRounds
with HMAC.
Instantiate a new jsSHA
object similiar to HMAC but first argument being
either "CSHAKE128" or "CSHAKE256" and the third argument in the form of
{ "customization"?: { "value": VALUE, "format": FORMAT }, "funcName"?: { "value": VALUE, "format": FORMAT } }
.
FORMAT takes the same values as the input format from hashing and the VALUE is
then either a string
, ArrayBuffer
, or Uint8Array
. Per the NIST
specification, both customization
and funcName
are optional. You can stream
in the input using the update
object function just like hashing. Finally, get
the hash by calling the getHash
function with the output type and length as
arguments. Example to calculate the cSHAKE128 of the string "This is a test"
with the customization string "My Tagged Application" and an output size of
256-bits.
const shaObj = new jsSHA("CSHAKE128", "TEXT", {
customization: { value: "My Tagged Application", format: "TEXT" },
});
shaObj.update("This is a ");
shaObj.update("test");
const cshake = shaObj.getHash("HEX", { outputLen: 256 });
Note: You cannot specify numRounds
with cSHAKE.
Important: outputLen
is required to be in the hashmap where outputLen
is the desired output length of the cSHAKE algorithm in a multiple of 8 bits.
Instantiate a new jsSHA
object similiar to cSHAKE but first argument being
either "KMAC128" or "KMAC256" and the third argument in the form of
{ "customization"?: { "value": VALUE, "format": FORMAT }, "kmacKey?: { "value": VALUE, "format": FORMAT } }
.
FORMAT takes the same values as the input format from hashing and the VALUE is
then either a string
, ArrayBuffer
, or Uint8Array
. Per the NIST
specification customization
is optional whereas kmacKey
is required. You can
stream in the input using the update
object function just like hashing.
Finally, get the hash by calling the getHash
function with the output type and
length as arguments. Example to calculate the KMAC128 of the string "This is a
test" with the customization string "My Tagged Application", key "abc", and an
output size of 256-bits.
const shaObj = new jsSHA("KMAC128", "TEXT", {
customization: { value: "My Tagged Application", format: "TEXT" },
kmacKey: { value: "abc", format: "TEXT" },
});
shaObj.update("This is a ");
shaObj.update("test");
const kmac = shaObj.getHash("HEX", { outputLen: 256 });
Note: You cannot specify numRounds
with KMAC.
Important: outputLen
is required to be in the hashmap where outputLen
is the desired output length of the KMAC algorithm in a multiple of 8 bits.
The project's website is located at https://caligatio.github.io/jsSHA/
3.3.1 (2023-08-04)
FAQs
jsSHA implements the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC
The npm package jssha receives a total of 687,748 weekly downloads. As such, jssha popularity was classified as popular.
We found that jssha demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.