Support Center
API calls below allow for hashing of password and other secrets using strong cryptography methods. For instance, if there is a need to securely save a user's password to the database and later verify it - this is the API to use.
Note that Zato has an entire Single-Sign On and user management API that automates user authentication, without programming needed, and the functionality below is meant to be used in situations when SSO and user API should be extended with custom features. Otherwise, the SSO and user API is the most convenient one to use.
Implementation-wise, the key derivation function for hashing is PBKDF2-512. Defaults are salt size of 64 bytes (512 bits) and 120,000 of hash rounds.
# -*- coding: utf-8 -*-
# Zato
from zato.server.service import Service
class MyService(Service):
def handle(self):
# Suppose there is a password to hash
data = 'C61mBoPzpa2sA'
# Log data to be manipulated
self.logger.info('Data `%s`', data)
# Hash it - the result can be saved to
# some kind of storage in order to verify it later on
hashed = self.crypto.hash_secret(data)
# Log the resulting form
self.logger.info('Hashed `%s`', hashed)
To verify a hashed value, it first needs to be loaded from storage and then compared to incoming data, e.g. to a password that the user sent in.
# -*- coding: utf-8 -*-
# Zato
from zato.server.service import Service
class MyService(Service):
def handle(self):
# This function should load the hashed from, e.g. from a database
hashed = load_hashed()
# This is the data to be checked against the hashed value,
# e.g. a user's password
data = load_data()
# Returns a boolean flag to indicate if verification succeeeded
is_valid = self.crypto.verify_hash(data, hashed)
# -*- coding: utf-8 -*-
# Zato
from zato.server.service import Service
class MyService(Service):
def handle(self):
# Data to hash
data = '1234567890'
# Log data to be manipulated
self.logger.info('Data `%s`', data)
# Hash it
hashed = self.crypto.hash_secret(data)
# Log the resulting form
self.logger.info('Hashed `%s`', hashed)
# Verify the hash
is_valid = self.crypto.verify_hash(data, hashed)
# Will be True
self.logger.info('Is correct `%s`', is_valid)
# Verify the hash, using invalid input
is_valid = self.crypto.verify_hash('invalid', hashed)
# Will be False
self.logger.info('Is correct `%s`', is_valid)
Other crypto APIs: