🚨 Live Coding Camp - Create a token on Ethereum with us on 31st Jan 2023 Register now
Skip to content
Home » Answers » What is the Node.js crypto.createSign method?

What is the Node.js crypto.createSign method?

Image saying what is the node js crypto create sign method?


The crypto.createSign() method in Node.js crypto module is used to create a sign object for creating digital signatures. A digital signature is a mathematical scheme for verifying the authenticity and integrity of a message, software or digital document.

The createSign() method takes in a single argument, which is the algorithm to be used for creating the digital signature.

How to use the createSign() method in Node.js crypto module

Let’s create a digital signature for a message. Here’s an example 👇🏼

const crypto = require('crypto');

const message = 'This is a message to be signed';

// Create a sign object using the 'RSA-SHA256' algorithm
const sign = crypto.createSign('RSA-SHA256');

// Update the sign object with the message to be signed

// Generate the private key
const privateKey = '-----BEGIN RSA PRIVATE KEY-----\n' +
                   'MIIEpAIBAAKCAQEA6DgHBlcjg+zUvkVq3R5jFcq0f0mvj8YtfHr5r5f5x5j5v5r5\n' +
                   'f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5\n' +
                   'x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5\n' +
                   'j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5\n' +
                   'v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5\n' +
                   'r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5f5x5j5v5r5\n' +
                   '-----END RSA PRIVATE KEY-----\n';

// Sign the message using the private key
const signature = sign.sign(privateKey, 'hex');
console.log(signature); // Outputs the digital signature

Here’s a more complete explanation of the code above:

  1. First, we import the crypto module.
  2. Next, we define a message that we want to sign.
  3. We then create a sign object using the crypto.createSign() method, passing in the algorithm we want to use for the signature. In this case, we are using the RSA-SHA256 algorithm.
  4. We then update the sign object with the message we want to sign using the sign.update() method.
  5. We then generate a private key, which is used to sign the message. The private key is a string in PEM format, which is a standard format for storing cryptographic keys.
  6. We then use the sign.sign() method to sign the message using the private key. The first argument passed to this method is the private key, and the second argument is the encoding of the output signature. In this example, we are using the ‘hex’ encoding, which will output the signature as a hexadecimal string.

It is important to note that it is not recommended to hardcode the private key in the code and should be kept secret and protected.

Once we have the signature, we can then use the public key to verify the authenticity of the message by using the crypto.createVerify() method along with the verify.update() and verify.verify() method.

This way you can ensure that the message has not been tampered with and is coming from a trusted source.