Generating a SHA256 HMAC Hash

Mar 24, 2018 · 144 words · 1 minute read

#crypto #sha256 #signature #hash #key #secret #hmac

Generating HMACs (Keyed-Hash Message Authentication Code) are often used as a way of proving data integrity and authenticity. They involve three integrals parts, the algorithm (in our case SHA256), the secret and the data. They a used mainly because data can be checked between two parties without the sharing of the secret.

In go, there’s a convenient library to help us out with this called crypto/hmac and we show an example of how to do this below.

package main

import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/hex"
    "fmt"
)

func main() {

    secret := "mysecret"
    data := "data"
    fmt.Printf("Secret: %s Data: %s\n", secret, data)

    // Create a new HMAC by defining the hash type and the key (as byte array)
    h := hmac.New(sha256.New, []byte(secret))

    // Write Data to it
    h.Write([]byte(data))

    // Get result and encode as hexadecimal string
    sha := hex.EncodeToString(h.Sum(nil))

    fmt.Println("Result: " + sha)
}

Example:

Generate SHA256 signature

Related Posts

Check Element Exists in a Slice – Aug 16, 2019
Go doesn’t have a find or in_array function as part of it’s standard library. They are easy to create however. In this example we create a Find() function to search a slice of strings for the element we are looking for. Cue the “generics” rant from some coders. This is a great example of why they could be useful. We have created our find function, but it only works with strings and you will have to create different find functions for different types - as needed.
Apply Middleware to Your Route Handlers – Mar 30, 2018
Middleware is a term used in many different ways within software development, but we’re referring to it as a way to wrap requests and responses in simple abstracted functions which can be applied to some routes easily. In our example below we’re using an AuthMiddleware to check incoming requests for the correct api key and rejecting them if they don’t. Another good example for this technique is applying headers to responses, if you know the content type of the response, we can set it in middleware.
Get a URL Parameter from a Request – Apr 9, 2017
Often it’s important to read off the parameters sent through from the request. If it’s a GET request these will lie within the url itself and can be read using the request’s URL property. It’s important to note that when getting the parameters in this way it will always return an array (or slice?). Our example below will act a little like an echo server, we listen for any requests and log the result of key if it’s present.

Image of Author Edd Turtle

Follow @EddTurtle Follow @golangcode

Author: Edd Turtle

Edd is the Lead Developer at Hoowla, a prop-tech startup, where he spends much of his time working on production-ready Go and PHP code. He loves coding, but also enjoys cycling and camping in his spare time.

See something which isn't right? You can contribute to this page on GitHub or just let us know in the comments below - Thanks for reading!