Torq’s Cryptographic utility steps let you calculate hashes, work with JWTs, generate secure identifiers, and retrieve certificate details directly within workflows. These utilities are commonly used for file verification, token handling, security enrichment, and automation logic.
File hashing
Calculate MD5
Calculates the MD5 hash of a given file.
Parameters
Click the three-dot (…) menu on the right side of the File field, and choose the file input mode:
Plaintext: The input is treated as raw text, provided directly from the workflow context or hardcoded in the field. No file resolution or decoding is performed.
Auto detect: Torq automatically determines whether the input represents a file, a Base64-encoded payload, or plaintext content, and processes it accordingly.
File URL: The input is a publicly accessible URL pointing to a file that contains the required content. Torq retrieves the file from the URL at runtime.
B64: The input is a Base64-encoded payload representing the content. Torq decodes the payload before processing it.
B64 URL: The input is a Base64 URL–encoded payload. This is similar to Base64 but uses URL-safe characters and is decoded accordingly.
Input
sample_file.pdf
Output
f30dcb085daa4e547fa8df4f9f34b1b4
Calculate SHA1
Calculates the SHA-1 hash of a given file.
Parameters
Click the three-dot (…) menu on the right side of the File field, and choose the file input mode:
Plaintext: The input is treated as raw text, provided directly from the workflow context or hardcoded in the field. No file resolution or decoding is performed.
Auto detect: Torq automatically determines whether the input represents a file, a Base64-encoded payload, or plaintext content, and processes it accordingly.
File URL: The input is a publicly accessible URL pointing to a file that contains the required content. Torq retrieves the file from the URL at runtime.
B64: The input is a Base64-encoded payload representing the content. Torq decodes the payload before processing it.
B64 URL: The input is a Base64 URL–encoded payload. This is similar to Base64 but uses URL-safe characters and is decoded accordingly.
Input
sample_file.pdf
Output
6391b087b4d715fb6a3765ba4a975caa766027e6
Calculate SHA256
Calculates the SHA-256 hash of a given file.
Parameters
Click the three-dot (…) menu on the right side of the File field, and choose the file input mode:
Plaintext: The input is treated as raw text, provided directly from the workflow context or hardcoded in the field. No file resolution or decoding is performed.
Auto detect: Torq automatically determines whether the input represents a file, a Base64-encoded payload, or plaintext content, and processes it accordingly.
File URL: The input is a publicly accessible URL pointing to a file that contains the required content. Torq retrieves the file from the URL at runtime.
B64: The input is a Base64-encoded payload representing the content. Torq decodes the payload before processing it.
B64 URL: The input is a Base64 URL–encoded payload. This is similar to Base64 but uses URL-safe characters and is decoded accordingly.
Input
sample_file.pdf
Output
58733067557874c74b264e8de156b4953a185825419a484aab817cdc71d0a162
JWT utilities
Decode JWT
Decodes a JSON Web Token (JWT) without validating its signature.
Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkphbmUgRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Output
{
"alg":"HS256",
"typ":"JWT"
}{
"sub":"1234567890",
"name":"Jane Doe",
"iat":1516239022
}Encode JWT
Encodes a JSON Web Token using HS256. Default claims for issue time (iat) and expiration time (exp) are automatically added.
Parameters
Secret: The signing secret used to generate the JWT signature.
Expiry time (optional): The token expiration time (for example, in seconds from issuance).
Claims (optional): The JSON payload containing custom claims to include in the token.
Input
{
"alg":"HS256",
"typ":"JWT",
"payload":{
"sub":"1234567890",
"name":"John Doe",
"iat":1615159812
}
}Output
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjE1MTU5ODEyfQ.<Signature>
Signatures
Generate HMAC
Generates an HMAC signature using the SHA-256 hash function.
Parameters
HMAC key: The secret key used to generate the HMAC signature.
Message body: The message or payload to be signed.
Inputs
HMAC key:
{{ $.secrets.jwt_secret }Message body:
Body
Output
<GeneratedHMACsignature>
Randomization and identifiers
Generate Random Number
Generates a random number between the specified minimum (inclusive) and maximum (exclusive) values.
Parameters
Min value: The minimum value (inclusive).
Max value: The maximum value (exclusive).
Input
Min value:
50Max value:
50
Output
-32
Generate Random String
Generates a random alphanumeric string.
Parameters
Length: The number of characters to generate in the random string.
String format: Defines which characters are included in the generated string. Supported options include:
Alphanumeric (upper and lower case)
Alphanumeric (upper case only)
Alphanumeric (lower case only)
Numeric
Alphanumeric (upper and lower case with special symbols)
Input
Length: 12
String format: Alphanumeric both lower and upper
Output
iRT4T2EayYe5
Generate UUID
Generates a universally unique identifier (UUID).
Parameters
UUID version: The UUID version to generate (for example, version 4 for randomly generated UUIDs).
Output
05581d99-b768-41c8-82f3-7527709836f1
Certificate inspection
Get TLS Certificate Information
Retrieves TLS/SSL certificate details from a specified endpoint, such as issuer, validity period, and certificate chain information.
Password and MFA utilities
Complex Password Generator
Generates a strong, complex password that can be used for account creation, credential rotation, or secure onboarding workflows.
Parameters
Characters: The character set to use when generating the password.
Password length: The length of the generated password.
Input
Characters: Letters (upper and lower case), numbers (
0–9), and symbols!@#%&*()Password length: 12
Output
A7@f%2R&k9#M
TOTP Token Generator
Generates a Time-based One-Time Password (TOTP) token (e.g., for MFA flows) based on a shared secret and the current system time.
Parameters
TOTP seed: The shared secret used to generate the TOTP token.
Input
TOTP seed: JBSWY3DPEHPK3PXP
Output
492817
TOTP Token Generator with NTP Sync
Generates a TOTP token using time synchronized via NTP. This helps prevent token failures caused by clock drift on the Runner host.
Parameters
TOTP seed: The shared secret used to generate the TOTP token.
TOTP interval: The time step (in seconds) used to generate each token.
NTP server: The NTP server used to synchronize time for token generation.
Input
TOTP seed:
JBSWY3DPEHPK3PXPTOTP interval:
30NTP server:
time.google.com
Output
492817
Use case: Generate Random String
This workflow demonstrates how to run an interactive email-based approval or confirmation flow using Microsoft 365. It sends a question to a user via email, waits for a reply, evaluates the response (“Yes” or “No”), and notifies a Slack channel with the outcome. The workflow uses the Generate Random String cryptographic utility to create a unique message ID that correlates an outgoing email with the recipient’s reply, enabling reliable tracking and automation in interactive workflows.
For a detailed implementation, refer to the full workflow template available in Torq.
Configure workflow variables: Define key values used throughout the workflow, such as:
The recipient’s email address
The sender’s email address
The Slack user or channel to notify with the result
These variables centralize configuration and make the workflow easier to maintain.
Authenticate with Microsoft 365: Generate an access token for the Microsoft Graph API using the configured Microsoft 365 integration. This token is required to send emails and search the mailbox for replies.
Generate a unique correlation ID: Use the Generate Random String cryptographic utility to create a unique, 16-character alphanumeric ID. This ID is embedded in the email subject and later used to match incoming replies to the original request.
Send the interactive email: Send an email via Microsoft Outlook that asks the recipient to reply (for example, with “Yes” or “No”). The subject includes the generated correlation ID so responses can be uniquely identified.
Continue with the next steps: Poll the mailbox for replies containing the correlation ID, extract the user’s response, evaluate the outcome (Yes/No or no response), and notify the appropriate Slack channel. You can then extend the workflow to trigger additional actions based on the response, such as approvals, escalations, or follow-up automations.