Tags: javascript, java, node.js, sha256, message-digest

Translating Java password hashing method to JS implementation


I would like to translate the Java password-hashing code used in the Blynk IoT software into JavaScript so that I can use it in an Express.js app. Thanks for any help!

Java code: https://www.onlinegdb.com/HJe19lyFB

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

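/**
 * Stand-alone reproduction of the password hash discussed on this page:
 *
 *   Base64( SHA-256( UTF-8(password) || SHA-256( UTF-8(lowercase(salt)) ) ) )
 *
 * NOTE(review): this is a single pass of a fast hash with the e-mail address as
 * salt. Keep it only for compatibility with hashes that already exist in this
 * format; it is not a substitute for a deliberately slow password KDF.
 */
public class Main {

    public static void main(String[] args) {
        System.out.println(makeHash("password", "mail@gmail.com"));
    }

    private static final String SHA_256 = "SHA-256";

    /** Utility class with static members only; not meant to be instantiated. */
    private Main() {
    }

    /**
     * Hashes {@code password} together with the SHA-256 of the lower-cased salt.
     *
     * @param password clear-text password, encoded as UTF-8 before hashing
     * @param salt     salt string (an e-mail address in the example); lower-cased first
     * @return Base64 text of the 32-byte SHA-256 digest
     * @throws IllegalStateException if the JVM has no SHA-256 provider
     * @throws NullPointerException  if {@code password} or {@code salt} is null
     */
    public static String makeHash(String password, String salt) {
        try {
            MessageDigest md = MessageDigest.getInstance(SHA_256);
            md.update(password.getBytes(StandardCharsets.UTF_8));
            // NOTE(review): toLowerCase() follows the JVM default locale, so the
            // result can differ between hosts (e.g. 'I' under a Turkish locale).
            // Left unchanged so existing hashes keep matching.
            byte[] saltDigest = makeHash(salt.toLowerCase());
            // digest(byte[]) appends the salt digest to the input, then finalizes.
            byte[] byteData = md.digest(saltDigest);
            return Base64.getEncoder().encodeToString(byteData);
        } catch (NoSuchAlgorithmException e) {
            // Fail closed: the previous fallback returned the clear-text password
            // as if it were the hash whenever anything in this method threw.
            throw new IllegalStateException(SHA_256 + " is not available", e);
        }
    }

    /** Returns the raw SHA-256 digest of {@code val} encoded as UTF-8. */
    private static byte[] makeHash(String val) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(SHA_256).digest(val.getBytes(StandardCharsets.UTF_8));
    }

}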

My current attempt, which does not work yet: https://repl.it/@patryk0493/blynk-password-hashing

const btoa = require('btoa');
var util = require('util');
const KJUR = require('jsrsasign');

// Attempt to reproduce the Java makeHash(password, salt) with jsrsasign.
// The asker reports that its output does not match the Java result; the
// comments below mark where it differs from the Java code.
const password = 'password';
const email = 'mail@gmail.com';

// Options passed to every KJUR.crypto.MessageDigest created below.
const options = {"alg": "sha256", "prov": "cryptojs"}

// Assigned without const/let, so this creates an implicit global (and throws
// in strict mode or in an ES module).
makeHash = (str) => {
  const md = new KJUR.crypto.MessageDigest(options);
  // TextEncoder.encode() returns a Uint8Array, but the method is named
  // digestString. NOTE(review): it presumably expects a JS string, so the byte
  // array is not hashed as the Java code hashes getBytes(UTF_8) - confirm.
  return md.digestString(new util.TextEncoder().encode(str.toLowerCase()))
}

const md = new KJUR.crypto.MessageDigest(options);
// Same concern as above: a Uint8Array is handed to updateString.
md.updateString(new util.TextEncoder().encode(password));
// In the Java code, digest(byte[]) appends the salt digest before finalizing.
// NOTE(review): jsrsasign's digest() is documented without a parameter, so the
// salt hash passed here is presumably ignored - confirm against the library docs.
// The e-mail is also lower-cased twice (here and inside makeHash); harmless.
const byteData = md.digest(makeHash(email.toLowerCase()));
// NOTE(review): if byteData is a hex string, btoa() Base64-encodes the hex text
// rather than the raw 32 digest bytes that the Java Base64 encoder receives.
const base64 = btoa(byteData)

console.log(base64);


Solution

  • You can re-implement the Java password hashing using the standard Node.js crypto module:

    const crypto = require('crypto');
    
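    /**
     * Starts a SHA-256 digest and feeds `data` into it as UTF-8.
     *
     * @param {string} data - text to hash
     * @returns {import('crypto').Hash} the live Hash object (not a finished
     *   digest), so the caller can append more input or call `.digest()`
     */
    const makeHash = (data) => crypto.createHash('sha256').update(data, 'utf8');
    
    /**
     * Port of the Java makeHash(password, salt):
     * Base64(SHA-256(UTF-8(password) || SHA-256(UTF-8(lowercase(salt))))).
     *
     * This is a single fast SHA-256 pass; use it only to interoperate with
     * hashes the Java side already produces. When checking a submitted
     * password against a stored hash, compare with crypto.timingSafeEqual
     * rather than ===.
     *
     * @param {string} secret - clear-text password
     * @param {string} saltValue - salt (the e-mail address in the example)
     * @returns {string} Base64 text of the 32-byte digest
     */
    const hashPassword = (secret, saltValue) =>
      makeHash(secret)
        // The Java code lower-cases the salt before hashing it; without this a
        // mixed-case e-mail yields a different hash than the Java side.
        .update(makeHash(saltValue.toLowerCase()).digest())
        .digest('base64');
    
    const password = "password";
    const salt = "mail@gmail.com";
    
    const result = hashPassword(password, salt);
    
    console.log(result);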