The hash generated in Elixir does not match the Javascript hash

EinerZG · November 19, 2024, 8:11pm

Hi all, I have a problem with the generation of a hash. I have a Javascript code that takes the body of a request, passes it to a string and then generates a hash. I need to pass the code to Elixir, but the results do not match. I share the code with you:

JS

import sha256 from 'crypto-js/sha256';
import Base64 from 'crypto-js/enc-base64';

const body = "my body"
const hashDigest = sha256(body);
const digest = Base64.stringify(hashDigest)

console.log("Digest:", digest);

Result: "IZ2yn/XIIEdwXSkGAK/256XFSNMy33gr0zRZoo+pe/c="

Elixir

def compute_digest(body) do
	body
	|> Jason.encode!()
	|> (&:crypto.hash(:sha256, &1)).()
	|> Base.encode64()
	|> IO.inspect(label: "Digest")
end

Result: "7om2lOXEa2byLhn1M19iEf9KA6DdnljHD6BMdA8IdLc="

Any ideas on how to solve this problem?

josevalim · November 19, 2024, 8:17pm

Isn’t that call to Jason doing one additional encoding of the data? And if so, can you make sure that the encoded JSON is the same in both cases?

cevado · November 19, 2024, 8:25pm

js snippet and elixir snippet doesn’t do the same thing, you need to pass body to JSON.stringify for the js snippet to be the same, something like:

import sha256 from 'crypto-js/sha256';
import Base64 from 'crypto-js/enc-base64';

const body = JSON.stringify("my body")
const hashDigest = sha256(body);
const digest = Base64.stringify(hashDigest)

console.log("Digest:", digest);

edit: removed the result because i didn’t run the code here.

EinerZG · November 19, 2024, 9:42pm

Hello valid @josevalim, Yes, they are the same. I don’t know if it’s because with Elixir the result of Jason.encode!(“hello”) is "\"hello\"" and with JS it’s just “hello”.

tcoopman · November 19, 2024, 9:44pm

What? Jason.encode! doing translations? That seems not correct. Are you sure it’s not something else doing that?

But that will of course return a different hash.

EinerZG · November 19, 2024, 9:47pm

Sorry, it was a typo.

tcoopman · November 19, 2024, 9:50pm

Anyway, same issue: “"hello"” is not the same as “hello, so it can’t be the same hash.
As stated above, make sure you’re doing the same encodings in both languages

dimitarvp · November 19, 2024, 10:21pm

Show us the exact value of body in both codebases and make VERY sure they are both "hello" and don’t have double-double quotes in Elixir.

benwilson512 · November 20, 2024, 1:43am

A very important thing to keep in mind is JSON key order. Neither the JSON spec nor the Elixir maps you generally encode to JSON have any guaranteed key order, so when you write it out to a string you may get different actual strings before the encoding. That may not matter for you use case but it’s a common issue if you expect strict equality with larger or more complex JSON strings.

derek-zhou · November 20, 2024, 2:19am

If you remove the Jason.encode!() then it will match:

iex(2)> :crypto.hash(:sha256, "my body") |> Base.encode64()
"IZ2yn/XIIEdwXSkGAK/256XFSNMy33gr0zRZoo+pe/c="

EinerZG · November 20, 2024, 2:16pm

Yes, thank you, yesterday I was able to identify that this is the problem. When getting the body it is changing the odern of the keys. Actually the string transformation that the Jason.encode!/1 does does not affect the hash generation. Thanks for the help.