Crypto encode a string to match Web Crypto API

I’m new to Elixir/Phoenix, and I’m trying to generate a hash for a given string that matches one made with Web Crypto API.

I have Nginx with NJS module (basically ECMAScript 5.1 module) that I use to generate sha256 for given host, on the fly, e.g.

let hash = await crypto.subtle.digest('SHA-256',;

let buf = Buffer.from(hash).toString('hex');


so for host this gives hexits of 64e2d33ec7149d132d249084147187d043e4bb10c75acf2004597ccbd6128441

Now, I have web app in Phoenix that will create these hashes in the first place (above Nginx code needs to match them in order for things to work). However, given this Elixir code:

:crypto.hash(:sha256, "") |> Base.encode16() |> String.downcase()

gives hexits of 0a79eaf6adb7b1e60d3fa548aa63105f525a00448efbb59ee965b9351a90ac31

which is not the same as one that Nginx has created.

can someone help please?

both, the NJS and Phoenix needs to create same hashes for given (same) string.

BTW my understanding is that the NJS uses crypto library from ECMAScript that, I think, is Web Crypto API implementation, which conforms to FIPS 180-4 spec. Elixir, I guess, uses the Erlang hash functions, which also point to FIPS 180-4 spec from its docs. I’m lost a bit :frowning:

Elixir code returns proper value:

Buffer.from(await crypto.subtle.digest('SHA-256', '')).toString('hex')
// => '0a79eaf6adb7b1e60d3fa548aa63105f525a00448efbb59ee965b9351a90ac31'

So you probably have some rouge characters in your NJS input.


Thank you!! I knew Elixir was right (bloody JavaScript…)

Turns our the NJS input of contains a HTTP port(!) as well, so it behaves different to what Nginx does for same variable, hence I could not spot the obvious. Ehh.

BTW In Nginx $http_host returns host with port, and $host returns just the host. NJS does not have $http_host, and the $host returns host with port.