Directive Reference

set_hmac_sha256

The 'set_hmac_sha256' directive computes HMAC-SHA256 hash values.

NGINX Set-Misc module · httpserverlocationif in serverif in location
Syntaxset_hmac_sha256 $var_name $key $input_string;
Defaultnone
Contexthttp, server, location, if in server, if in location
Arguments3

Description

The 'set_hmac_sha256' directive from the NGINX Set-Misc module allows for the computation of HMAC (Hash-based Message Authentication Code) using the SHA-256 hashing algorithm. This directive takes three arguments: the name of the variable where the resulting hash will be stored, a key for the HMAC calculation, and the input string that will be hashed. It is essential to provide these arguments in the specified order.

When the configuration is processed, the directive computes the HMAC-SHA256 of the input string using the provided key. This is useful for ensuring the integrity and authenticity of messages, allowing the web application to verify that the messages have not been tampered with during transmission. The results are stored in the specified variable for later use by NGINX or passed to other directives.

This directive can be utilized in various contexts including 'http', 'server', 'location', and even 'if' directives within both 'server' and 'location', making it flexible for different configuration needs.

Config Example

http {
    server {
        location /hmac {
            set $my_key "secret_key";
            set $my_input "message to hash";
            set_hmac_sha256 $result $my_key $my_input;
            add_header X-Result $result;
        }
    }
}

Ensure that the key and input string are correctly defined; improper values can lead to unexpected results.

The variable must be declared properly; otherwise, the computed HMAC will not be accessible for later use.

Related Directives

set_hmac_sha1set_sha256set_md5
← Back to all directives