Skip to content

Commit

Permalink
doc: improve HMAC key recommendations
Browse files Browse the repository at this point in the history
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: #48052
Refs: #37248
PR-URL: #48121
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
tniessen authored and targos committed May 30, 2023
1 parent 45c3782 commit 281dfaf
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -3391,7 +3391,11 @@ On recent releases of OpenSSL, `openssl list -digest-algorithms` will
display the available digest algorithms.

The `key` is the HMAC key used to generate the cryptographic HMAC hash. If it is
a [`KeyObject`][], its type must be `secret`.
a [`KeyObject`][], its type must be `secret`. If it is a string, please consider
[caveats when using strings as inputs to cryptographic APIs][]. If it was
obtained from a cryptographically secure source of entropy, such as
[`crypto.randomBytes()`][] or [`crypto.generateKey()`][], its length should not
exceed the block size of `algorithm` (e.g., 512 bits for SHA-256).

Example: generating the sha256 HMAC of a file

Expand Down Expand Up @@ -3665,6 +3669,9 @@ generateKey('hmac', { length: 512 }, (err, key) => {
});
```

The size of a generated HMAC key should not exceed the block size of the
underlying hash function. See [`crypto.createHmac()`][] for more information.

### `crypto.generateKeyPair(type, options, callback)`

<!-- YAML
Expand Down Expand Up @@ -3935,6 +3942,9 @@ const key = generateKeySync('hmac', { length: 512 });
console.log(key.export().toString('hex')); // e89..........41e
```

The size of a generated HMAC key should not exceed the block size of the
underlying hash function. See [`crypto.createHmac()`][] for more information.

### `crypto.generatePrime(size[, options[, callback]])`

<!-- YAML
Expand Down Expand Up @@ -6030,6 +6040,7 @@ See the [list of SSL OP Flags][] for details.
[`crypto.createSecretKey()`]: #cryptocreatesecretkeykey-encoding
[`crypto.createSign()`]: #cryptocreatesignalgorithm-options
[`crypto.createVerify()`]: #cryptocreateverifyalgorithm-options
[`crypto.generateKey()`]: #cryptogeneratekeytype-options-callback
[`crypto.getCurves()`]: #cryptogetcurves
[`crypto.getDiffieHellman()`]: #cryptogetdiffiehellmangroupname
[`crypto.getHashes()`]: #cryptogethashes
Expand Down

0 comments on commit 281dfaf

Please sign in to comment.