crypto.createHmac(algorithm, key[, options])

版本历史

版本	变更
v15.0.0	The key can also be an ArrayBuffer or CryptoKey. The encoding option was added. The key cannot contain more than 2 ** 32 - 1 bytes.
v11.6.0	The `key` argument can now be a `KeyObject`.
v0.1.94	新增于: v0.1.94

algorithm <string>
key <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> | <CryptoKey>
options <Object> stream.transform 选项
- encoding <string> 当 key 是字符串时使用的字符串编码。
返回：<Hmac>

创建并返回一个使用指定 algorithm 和 key 的 Hmac 对象。可选的 options 参数用于控制流的行为。

🌐 Creates and returns an Hmac object that uses the given algorithm and key. Optional options argument controls stream behavior.

algorithm 取决于平台上 OpenSSL 版本支持的可用算法。例如 'sha256'、'sha512' 等。在较新的 OpenSSL 版本中，使用 openssl list -digest-algorithms 可以显示可用的摘要算法。

🌐 The algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha256', 'sha512', etc. On recent releases of OpenSSL, openssl list -digest-algorithms will display the available digest algorithms.

key 是用于生成加密 HMAC 哈希的 HMAC 密钥。如果它是 KeyObject，则其类型必须为 secret。如果它是一个字符串，请考虑将字符串用作加密 API 输入时的注意事项。如果它是从密码学安全的熵源获取的，例如 crypto.randomBytes() 或 crypto.generateKey()，其长度不应超过 algorithm 的块大小（例如，对于 SHA-256 为 512 位）。

🌐 The key is the HMAC key used to generate the cryptographic HMAC hash. If it is a KeyObject, its type must be secret. If it is a string, please consider caveats when using strings as inputs to cryptographic APIs. If it was obtained from a cryptographically secure source of entropy, such as crypto.randomBytes() or crypto.generateKey(), its length should not exceed the block size of algorithm (e.g., 512 bits for SHA-256).

示例：生成文件的 sha256 HMAC

🌐 Example: generating the sha256 HMAC of a file

import {
  createReadStream,
} from 'node:fs';
import { argv } from 'node:process';
const {
  createHmac,
} = await import('node:crypto');

const filename = argv[2];

const hmac = createHmac('sha256', 'a secret');

const input = createReadStream(filename);
input.on('readable', () => {
  // Only one element is going to be produced by the
  // hash stream.
  const data = input.read();
  if (data)
    hmac.update(data);
  else {
    console.log(`${hmac.digest('hex')} ${filename}`);
  }
});const {
  createReadStream,
} = require('node:fs');
const {
  createHmac,
} = require('node:crypto');
const { argv } = require('node:process');

const filename = argv[2];

const hmac = createHmac('sha256', 'a secret');

const input = createReadStream(filename);
input.on('readable', () => {
  // Only one element is going to be produced by the
  // hash stream.
  const data = input.read();
  if (data)
    hmac.update(data);
  else {
    console.log(`${hmac.digest('hex')} ${filename}`);
  }
});