hash

Owned by Fiona Sargeant (Unlicensed)
Last updated: Dec 16, 2024 by Zoe Baldwin


Function: hash()

Returns a hash-encrypted string, optionally with a salt.

Syntax

hash(algorithm, salt, string, format)

ArgumentTypeDescriptionExample Values

algorithm

String

The name of the hashing algorithm.

Four hashing functions are supported: (see below)


  • MessageDigests - Secure one way hash algorithms. If the salt is not _NULL it will be appended to the end of the string.
  • SHA-256
  • SHA-384
  • SHA-512
  • SHA-1
  • MD2
  • MD5
  • Ciphers- Secure encryption using a key. The salt is the encryption key, either in PEM format or as a raw string. The required format and length will depend on the encryption algorithm. Algorithm names can also include 'transformations' which further refine the encryption operation.
  • AES
  • AES/CBC/PKCS5Padding
  • Blowfish
  • DES
  • DESede
  • DESede/ECB/PKCS5Padding
  • ECIES
  • RC2
  • RC4
  • RC5
  • RSA
  • HMACs- Message authentication codes. The salt is the encryption key as a raw string.
  • HmacMD5
  • HmacSHA1
  • HmacSHA224
  • HmacSHA256
  • HmacSHA384
  • HmacSHA512
  • Signature - Cryptographic signing algorithms. The salt is the private key either in PEM format or as a raw string. The required format and length will depend on the encryption algorithm. 
  • MD5withRSA
  • SHA256withRSA
  • SHA384withRSA
  • SHA512withRSA
  • SHA256withDSA
  • SHA384withDSA
  • SHA512withDSA
  • SHA256withECDSA
  • SHA384withECDSA
  • SHA512withECDSA

salt

String

The salt, password or key.

Additional salt characters to add to the end of the string before hashing.
If no salt is required, specify _NULL.


string

String

The string to be hashed. Must not be null.


formatString

Optional, specifies the output format.

  • HEX - output hex-encoded string of the binary data
  • BASE64 - base64 encoded string of the binary data
  • URL - url safe version of the base64 encoded string of the binary data
  • JWT - url safe encoding without padding of the base64 encoded string of the binary data
  • MIME - mime version of the base64 encoded string of the binary data

Two output formats are supported. The default is HEX encoding of the bytes. Alternatively, Base64 encoding of the resultant value can be requested  using one of the values specified for base64Encode.

Examples

Basic Hash

hash("SHA-256", _NULL, "testValue")

Takes the string testValue, uses SHA-256 algorithm to convert it to a hashed string. No salt is added. Returns the value: 82fe0c834cbea069013c5eb7828e599a693e0d2411887e2ab273271662973082

RS256 JWT Token Generation

do(
$header = '{"alg":"RS256","typ":"JWT"},
$payload = '{"sub":"1234567890","name":"John Doe","admin":true,"iat":1516239022}',
$key = "-----BEGIN PRIVATE KEY-----\r\n ....",
$prefix = base64Encode($header, "JWT")+"."+base64Encode($payload, "JWT"),
$prefix + "." + hash("SHA256withRSA", $key, $prefix, "JWT"))
)

Generates a RS356 JWT token using a private key and the SHA256withRSA signature hash function.

HS256 JWT Token Generation

do(
$header = '{"alg":"HS256","typ":"JWT"},
$payload = '{"sub":"1234567890","name":"John Doe","admin":true,"iat":1516239022}',
$key = "0123456789abcdef0123456789abcdef",
$prefix = base64Encode($header, "JWT")+"."+base64Encode($payload, "JWT"),
$prefix + "." + hash("HmacSHA256", $key, $prefix, "JWT"))
)

Constructs an HS256 JWT token using a 32 character key and the HmacSHA256 HMAC hash function.


Additional Information

The hash function from version 10.1 onwards supports passing the values of secret keys (see Secret Key and Local Secret) into the hash value.

See Also