Generating a SHA256 HMAC Hash

Mar 24, 2018 · 144 words · 1 minute read

#crypto #sha256 #signature #hash #key #secret #hmac

Generating HMACs (Keyed-Hash Message Authentication Code) are often used as a way of proving data integrity and authenticity. They involve three integrals parts, the algorithm (in our case SHA256), the secret and the data. They a used mainly because data can be checked between two parties without the sharing of the secret.

In go, there's a convenient library to help us out with this called crypto/hmac and we show an example of how to do this below.

package main

import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/hex"
    "fmt"
)

func main() {

    secret := "mysecret"
    data := "data"
    fmt.Printf("Secret: %s Data: %s\n", secret, data)

    // Create a new HMAC by defining the hash type and the key (as byte array)
    h := hmac.New(sha256.New, []byte(secret))

    // Write Data to it
    h.Write([]byte(data))

    // Get result and encode as hexadecimal string
    sha := hex.EncodeToString(h.Sum(nil))

    fmt.Println("Result: " + sha)
}

Example:

Generate SHA256 signature

Related Posts

Argon2 Password Hashing – Jan 25, 2020
Argon2 is a password hashing algorithm which was voted the winner in the Password Hashing Competition in 2015. It has implementations in many programming languages these days, with Go being no exception, and is often recommended over tools like bcrypt. It is, however, a little difficult to use the library directly in Go and this post is designed to provide a wrapper for the library and provide two functions at the end of it.
Foreach Loops: The Go Way – Dec 7, 2019
The foreach keyword itself does not exist within Go, instead the for loop can be adapted to work in the same manner. The difference however, is by using the range keyword and a for loop together. Like foreach loops in many other languages you have the choice of using the slices’ key or value within the loop. Example 1) In our example, we iterate over a string slice and print out each word.
JSON Web Tokens: Authenticating your API – Aug 26, 2019
There are of course many different ways to build authentication into APIs these days - JSON web tokens being just one of them. JSON Web Tokens (JWT) have an inherent advantage over other methods, like Basic Authentication, by working as a token system instead of sending the username and password with every request. To learn more about it, head over to the introduction on jwt.io before we dive straight into it.

Image of Author Edd Turtle

Follow @EddTurtle Follow @golangcode

Author: Edd Turtle

Edd is the Lead Developer at Hoowla, a prop-tech startup, where he spends much of his time working on production-ready Go and PHP code. He loves coding, but also enjoys cycling and camping in his spare time.

See something which isn't right? You can contribute to this page on GitHub or just let us know in the comments below - Thanks for reading!