Updated: Jun 13, 2021
We live in an age where security is a must and cyber security is equally important as our physical security. Cyber security breaches can cost companies millions, identity theft can devastate lives and cyber warfare can be a National nightmare.
As developers it is imperative to consider security upfront rather than make it an afterthought. This post will be the first of a series of posts that focuses on securing Mule applications and messages in transmission. This post will discuss hash functions and demo its use in the DataWeave Crypto library.
A Note About Hash Functions
You may have heard of hash functions in your computer science course and may have used hash tables or hash maps in your projects. Hash functions are also applicable in cryptography. Hash functions are functions that take a message and return an unique value. This is called a message digest (Secure Cryptography, 106). When describing hash functions, Jean-Philippe Aumasson states in his book, Serious Cryptography on page 105
"Hash functions - such as MD5, SHA-1, SHA-256, SHA-3, and BLAKE2 - comprise the cryptographer's Swiss Army Knife: they are used in digital signatures, public-key encryption, integrity verification, message authentication, password protection, key agreement protocols, and many other cryptographic protocols."
Now onto the Mule Stuff
DataWeave 2.0 for Mule 4 ships with a Crypto library that consists of the following hash functions:
To enable the Crypto library use the following line of code:
import * from dw::Crypto
Read on for information about each hash function and how to use it in Mule.
Hash-Based Message Authentication Code (HMAC)
HMAC is used to calculate message authentication codes. These codes are generated by using a cryptographic key and hashing function. HMACs can be used for authentication and to check data integrity.
DataWeave offers two functions for HMAC (HMACBinary and HMACWith).
As depicted above HMACBinary takes a cryptographic key and message (both as Binary) and returns a HMAC hash code. The default hashing algorithm is HMACSHA1.
The HMACWith function is similar to the HMACBinary function, however you can choose the hashing function. The available options are HMACSHA1, HMAC256 and HMAC512.
Message-Digest Algorithm 5 (MD5)
MD5 is a hashing function that returns a 128-bit value. This function is currently used for validating data integrity. DataWeave offers the MD5 function that takes in a binary input and returns a hexadecimal all lower case string.
Secure Hash Algorithm 1 (SHA-1)
SHA-1 is another hashing function that returns a 160-bit value. However this algorithm is deemed insecure and was deprecated in 2011 by NIST. In, CWI and Google announced its first collision. Since then technology companies have been slowly migrating away from SHA 1.
DataWeave offers the SHA1 function.
Other Hashing Functions
MD5 and SHA1 are only two of many hashing functions. Understanding that, our friends at MuleSoft have created the hashWith function. The available options are MD2, MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
Want to know more about hash functions?