Generating a SHA256 HMAC Hash

Mar 24, 2018 · 144 words · 1 minute read

#crypto #sha256 #signature #hash #key #secret #hmac

Generating HMACs (Keyed-Hash Message Authentication Code) are often used as a way of proving data integrity and authenticity. They involve three integrals parts, the algorithm (in our case SHA256), the secret and the data. They a used mainly because data can be checked between two parties without the sharing of the secret.

In go, there’s a convenient library to help us out with this called crypto/hmac and we show an example of how to do this below.

package main

import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/hex"
    "fmt"
)

func main() {

    secret := "mysecret"
    data := "data"
    fmt.Printf("Secret: %s Data: %s\n", secret, data)

    // Create a new HMAC by defining the hash type and the key (as byte array)
    h := hmac.New(sha256.New, []byte(secret))

    // Write Data to it
    h.Write([]byte(data))

    // Get result and encode as hexadecimal string
    sha := hex.EncodeToString(h.Sum(nil))

    fmt.Println("Result: " + sha)
}

Example:

Generate SHA256 signature

Related Posts

JSON Web Tokens: Authenticating your API – Aug 26, 2019
There are of course many different ways to build authentication into APIs these days - JSON web tokens being just one of them. JSON Web Tokens (JWT) have an inherent advantage over other methods, like Basic Authentication, by working as a token system instead of sending the username and password with every request. To learn more about it, head over to the introduction on jwt.io before we dive straight into it.
Check Element Exists in a Slice – Aug 16, 2019
Go doesn’t have a find or in_array function as part of it’s standard library. They are easy to create however. In this example we create a Find() function to search a slice of strings for the element we are looking for. Cue the “generics” rant from some coders. This is a great example of why they could be useful. We have created our find function, but it only works with strings and you will have to create different find functions for different types - as needed.
Apply Middleware to Your Route Handlers – Mar 30, 2018
Middleware is a term used in many different ways within software development, but we’re referring to it as a way to wrap requests and responses in simple abstracted functions which can be applied to some routes easily. In our example below we’re using an AuthMiddleware to check incoming requests for the correct api key and rejecting them if they don’t. Another good example for this technique is applying headers to responses, if you know the content type of the response, we can set it in middleware.

Image of Author Edd Turtle

Follow @EddTurtle Follow @golangcode

Author: Edd Turtle

Edd is the Lead Developer at Hoowla, a prop-tech startup, where he spends much of his time working on production-ready Go and PHP code. He loves coding, but also enjoys cycling and camping in his spare time.

See something which isn't right? You can contribute to this page on GitHub or just let us know in the comments below - Thanks for reading!