How can I decrypt a HMAC?

Question

I can make an HMAC using the following:

var encrypt = crypto.createHmac(\"SHA256\", secret).update(string).digest(\'base64\');

I am trying

Answer 1

As already been stated by CodesInChaos, HMAC with SHA256 can only be used to hash a value, which is a one-way trip only. If you want to be able to encrypt/decrypt you will have to use a cipher, such as aes or des.

Example on how encryption/decryption:

const crypto = require("crypto");

// key and iv   
var key = crypto.createHash("sha256").update("OMGCAT!", "ascii").digest();
var iv = "1234567890123456";

// this is the string we want to encrypt/decrypt
var secret = "ermagherd";

console.log("Initial: %s", secret);

// create a aes256 cipher based on our password
var cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
// update the cipher with our secret string
cipher.update(secret, "ascii");
// save the encryption as base64-encoded
var encrypted = cipher.final("base64");

console.log("Encrypted: %s", encrypted);

// create a aes267 decipher based on our password
var decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
// update the decipher with our encrypted string
decipher.update(encrypted, "base64");

console.log("Decrypted: %s", decipher.final("ascii"));

Note: You have to save the cipher/decipher into their own variable, and also make sure not to chain .final after .update.

If you want to know what ciphers are available on your system, use the following command:

openssl list-cipher-algorithm

Answer 2

Again to reiterate hashes aren't designed to be decrypted. However once you have a hash you can check any string is equal to that hash by putting it through the same encryption with the same secret.

var crypto = require('crypto')

var secret = 'alpha'
var string = 'bacon'

var hash = crypto.createHmac('SHA256', secret).update(string).digest('base64');
// => 'IbNSH3Lc5ffMHo/wnQuiOD4C0mx5FqDmVMQaAMKFgaQ='

if (hash === crypto.createHmac('SHA256', secret).update(string).digest('base64')) {
  console.log('match') // logs => 'match'
} else {
  console.log('no match')
}

Seems obvious, but very powerful.

Answer 3

HMAC is a MAC/keyed hash, not a cipher. It's not designed to be decrypted. If you want to encrypt something, use a cipher, like AES, preferably in an authenticated mode like AES-GCM.

The only way to "decrypt" is guessing the whole input and then comparing the output.

Answer 4

Clean-up of code for a Minimalist View and removal of clutter: note: IIFE runnable in node repl "As Is"

!function(){

const crypto = require("crypto");

// key 
var key = crypto.createHash("sha256").digest();


 // this is the string we want to encrypt/decrypt
 var secret = "ermagherd";

 console.log("Initial: %s", secret);

// create a aes256 cipher based on our password
var cipher = crypto.createCipher("aes-256-cbc", key);

// update the cipher with our secret string
cipher.update(secret);

// save the encryption 
var encrypted = cipher.final();

console.log("Encrypted: %s", encrypted);

// create a aes267 decipher based on our password
 var decipher = crypto.createDecipher("aes-256-cbc", key);

// update the decipher with our encrypted string
decipher.update(encrypted);

console.log("Decrypted: %s", decipher.final()); //default is utf8 encoding   final("utf8") not needed for default

}()

/*  REPL Output

            Initial: ermagherd
    Encrypted: T)��l��Ʀ��,�'
    Decrypted: ermagherd
    true
*/