From 6f9d78b665c2d70338340121214bd6a6ff8f6ca7 Mon Sep 17 00:00:00 2001
From: Filipp Samoilov <samoylovfp@gmail.com>
Date: Tue, 16 Dec 2025 17:12:18 +0200
Subject: [PATCH 1/4] Implement HMAC SHA256 function in nushell

---
 modules/crypto/hmac.nu | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 modules/crypto/hmac.nu

diff --git a/modules/crypto/hmac.nu b/modules/crypto/hmac.nu
new file mode 100644
index 00000000..f80db17d
--- /dev/null
+++ b/modules/crypto/hmac.nu
@@ -0,0 +1,21 @@
+export def "hmac sha256" [--key: oneof<binary, string>]: oneof<string, binary> -> binary {
+    let message = $in | into binary
+    let key = $key | into binary
+
+    const block_size = 64
+
+    let key_len = ($key | length)
+    let key = match $key_len {
+        64 => $key,
+        65.. => ($key | hash sha256 --binary),
+        _ => {bytes build $key (1..($block_size - $key_len) | each {0x[00]} | bytes collect)} 
+    }
+
+    let i_key = $key | bits xor ((1..$block_size) | each {0x[36]} | bytes collect)
+    let o_key = $key | bits xor ((1..$block_size) | each {0x[5c]} | bytes collect)
+    
+    bytes build $i_key $message 
+    | hash sha256 --binary
+    | bytes build $o_key $in
+    | hash sha256 --binary
+}

From 0b2fcca16f61d0f8a62f527af0dcdbdc72d66e35 Mon Sep 17 00:00:00 2001
From: Filipp Samoilov <samoylovfp@onside.io>
Date: Tue, 16 Dec 2025 20:51:56 +0200
Subject: [PATCH 2/4] Add documentation

---
 modules/README.md        | 4 ++++
 modules/crypto/README.md | 3 +++
 modules/crypto/hmac.nu   | 8 +++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 modules/crypto/README.md

diff --git a/modules/README.md b/modules/README.md
index cbf35de6..406d6c7b 100644
--- a/modules/README.md
+++ b/modules/README.md
@@ -26,6 +26,7 @@
   - [virtual\_environments](#virtual_environments)
   - [weather](#weather)
   - [webscraping](#webscraping)
+  - [crypto](#crypto)
 
 
 ## [after](./after)
@@ -269,3 +270,6 @@ Simple scripts to demonstrate how to scrape websites in nushell. Requires `query
 ## [result](./result/)
 A module to include in the config which enables storing and convenient access of previously output
 results.
+
+## [crypto](./crypto/)
+Tools for cryptography
diff --git a/modules/crypto/README.md b/modules/crypto/README.md
new file mode 100644
index 00000000..f3dfae3d
--- /dev/null
+++ b/modules/crypto/README.md
@@ -0,0 +1,3 @@
+# Cryptography
+
+Tools for cryptography.
diff --git a/modules/crypto/hmac.nu b/modules/crypto/hmac.nu
index f80db17d..78f4dcb5 100644
--- a/modules/crypto/hmac.nu
+++ b/modules/crypto/hmac.nu
@@ -1,4 +1,10 @@
-export def "hmac sha256" [--key: oneof<binary, string>]: oneof<string, binary> -> binary {
+
+# HMAC-SHA256 implementation
+#
+# This is a message authentication algorithm,
+# using a shared secret key this allows two peers to validate that the message wasn't tampered with.
+# Used for example for issuing JWT tokens.
+export def "sha256" [--key: oneof<binary, string>]: oneof<string, binary> -> binary {
     let message = $in | into binary
     let key = $key | into binary
 

From 94f31bdb0e684ebc653909ab3f5c986a1becb75e Mon Sep 17 00:00:00 2001
From: Filipp Samoilov <samoylovfp@onside.io>
Date: Tue, 16 Dec 2025 20:58:50 +0200
Subject: [PATCH 3/4] Add example

---
 modules/crypto/hmac.nu | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/crypto/hmac.nu b/modules/crypto/hmac.nu
index 78f4dcb5..b9d5f6f8 100644
--- a/modules/crypto/hmac.nu
+++ b/modules/crypto/hmac.nu
@@ -4,6 +4,7 @@
 # This is a message authentication algorithm,
 # using a shared secret key this allows two peers to validate that the message wasn't tampered with.
 # Used for example for issuing JWT tokens.
+@example "generate a message authentication code" {"The quick brown fox jumps over the lazy dog" | hmac sha256 --key "key" | encode hex} --result "F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8"
 export def "sha256" [--key: oneof<binary, string>]: oneof<string, binary> -> binary {
     let message = $in | into binary
     let key = $key | into binary

From 12db8303746f7eaf12228315a743668a3756425f Mon Sep 17 00:00:00 2001
From: Filipp Samoilov <samoylovfp@onside.io>
Date: Tue, 16 Dec 2025 21:02:58 +0200
Subject: [PATCH 4/4] Improve example formatting

---
 modules/crypto/hmac.nu | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/crypto/hmac.nu b/modules/crypto/hmac.nu
index b9d5f6f8..4be1b221 100644
--- a/modules/crypto/hmac.nu
+++ b/modules/crypto/hmac.nu
@@ -4,7 +4,11 @@
 # This is a message authentication algorithm,
 # using a shared secret key this allows two peers to validate that the message wasn't tampered with.
 # Used for example for issuing JWT tokens.
-@example "generate a message authentication code" {"The quick brown fox jumps over the lazy dog" | hmac sha256 --key "key" | encode hex} --result "F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8"
+@example "generate a message authentication code" {
+    "The quick brown fox jumps over the lazy dog" 
+    | hmac sha256 --key "key" 
+    | encode hex
+} --result "F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8"
 export def "sha256" [--key: oneof<binary, string>]: oneof<string, binary> -> binary {
     let message = $in | into binary
     let key = $key | into binary