This error occurs when you attempt to use an unsupported or misspelled algorithm name with Node.js crypto module functions like createHash() or createHmac(). The algorithm name must match one of the hash algorithms available in your Node.js/OpenSSL installation.
The "Unknown algorithm" error is thrown by Node.js's crypto module when you try to create a hash or HMAC with an algorithm that doesn't exist or isn't supported by your current OpenSSL version. Node.js relies on OpenSSL for cryptographic operations, and the available algorithms depend on which OpenSSL version is compiled with your Node.js installation. This error commonly occurs when developers misspell algorithm names (e.g., 'SHA256' instead of 'sha256'), use non-existent algorithms (like 'sha-999' in the example), or attempt to use newer algorithms on older Node.js versions. The crypto module is case-sensitive and requires exact algorithm names. Understanding which algorithms are available in your environment is essential for working with hashing and cryptographic operations in Node.js.
Before fixing the error, verify which algorithms are available in your Node.js installation by running:
const crypto = require('crypto');
console.log(crypto.getHashes());This will output an array of all supported algorithm names, such as:
[
'RSA-MD5', 'RSA-SHA1', 'RSA-SHA256', 'blake2b512',
'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512',
'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', ...
]Cross-reference your algorithm name with this list to ensure it exists and is spelled correctly.
Correct the algorithm name to match an available one. Common fixes include:
// Wrong - incorrect casing
const hash = crypto.createHash('SHA256');
// Correct - lowercase
const hash = crypto.createHash('sha256');
// Wrong - non-existent algorithm
const hash = crypto.createHash('sha-999');
// Correct - use sha256 or sha512
const hash = crypto.createHash('sha512');
// Wrong - hyphen instead of no separator
const hash = crypto.createHash('sha-256');
// Correct - no hyphen for SHA-2 family
const hash = crypto.createHash('sha256');Note that SHA-3 algorithms DO use hyphens: sha3-256, sha3-512, etc.
For maximum compatibility across Node.js versions and environments, use these well-supported algorithms:
For cryptographic hashing (passwords, signatures):
const crypto = require('crypto');
// SHA-256 (recommended for most use cases)
const hash = crypto.createHash('sha256')
.update('data to hash')
.digest('hex');
// SHA-512 (for higher security requirements)
const hash = crypto.createHash('sha512')
.update('data to hash')
.digest('hex');For HMAC (message authentication):
const hmac = crypto.createHmac('sha256', 'secret-key')
.update('message')
.digest('hex');Avoid MD5 and SHA-1 for security-sensitive applications, as they are cryptographically broken.
If you need a specific algorithm that's not available, check your Node.js version and consider upgrading:
node --versionNewer Node.js versions support more algorithms, including:
- SHA-3 family (sha3-256, sha3-512): Available in Node.js 10+
- Blake2 (blake2b512, blake2s256): Available in Node.js 12+
Update Node.js to the latest LTS version:
# Using nvm (recommended)
nvm install --lts
nvm use --lts
# Or download from nodejs.org
# https://nodejs.org/After updating, verify the algorithm is now available using crypto.getHashes().
For production code that runs in multiple environments, check algorithm availability before use:
const crypto = require('crypto');
function createHashSafely(algorithm, data) {
const availableHashes = crypto.getHashes();
if (!availableHashes.includes(algorithm)) {
console.warn(`Algorithm ${algorithm} not available, falling back to sha256`);
algorithm = 'sha256';
}
return crypto.createHash(algorithm)
.update(data)
.digest('hex');
}
// Usage
const hash = createHashSafely('sha3-256', 'my data');This approach provides graceful fallback behavior instead of crashing the application.
OpenSSL version differences: The available algorithms depend on the OpenSSL version Node.js was compiled against. Use node -p process.versions.openssl to check your OpenSSL version. Older OpenSSL versions (< 1.1.0) may not support SHA-3 or Blake2.
Algorithm naming conventions: SHA-2 family uses no hyphens ('sha256', 'sha512'), while SHA-3 uses hyphens ('sha3-256', 'sha3-512'). RIPEMD uses no hyphens ('ripemd160'). Always check the exact spelling with crypto.getHashes().
Legacy algorithms: Some builds exclude legacy algorithms like MD4, MDC2, or RIPEMD160 for security reasons. If you absolutely need these (e.g., for legacy system compatibility), you may need a Node.js build with a specific OpenSSL configuration.
FIPS mode: When Node.js is running in FIPS mode (Federal Information Processing Standards), only FIPS-approved algorithms are available. MD5 and some other algorithms are disabled in FIPS mode.
Alternative libraries: If you need algorithms not available in Node.js crypto (like Argon2 for password hashing), consider dedicated packages like argon2, bcrypt, or crypto-js. However, always prefer native crypto module for performance and security when possible.
Docker/containerization: Different base images may have different OpenSSL versions. If you're containerizing your app, pin your Node.js version in the Dockerfile to ensure consistent algorithm availability across environments.
Error: Listener already called (once event already fired)
EventEmitter listener already called with once()
Error: EACCES: permission denied, open '/root/file.txt'
EACCES: permission denied
Error: Invalid encoding specified (stream encoding not supported)
How to fix Invalid encoding error in Node.js readable streams
Error: EINVAL: invalid argument, open
EINVAL: invalid argument, open
TypeError: readableLength must be a positive integer (stream config)
TypeError: readableLength must be a positive integer in Node.js streams