Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Coldfusion HMAC-SHA1 encryption

Tags:

coldfusion

encryption

coldfusion-9

hmacsha1

There is an example HMAC-SHA1 here that works in javascript

http://jssha.sourceforge.net/

Text to encrypt

vibaHBXwUXFqVSg-+kTrqYJZEJkbVeqLc=bo.LlXGET12505351831husu9039http://api.tineye.com/rest/search/image_url=http%3a%2f%2ftineye.com%2fimages%2ftineye_logo_big.png&limit=30&offset=10

Key

vibaHBXwUXFqVSg-+kTrqYJZEJkbVeqLc=bo.LlX

Output

9e734661c9e8b6dc9b6b4b3def9769c00e8843b8

Issue

I can't however duplicate the output in Coldfusion. I'm using a function from a previous Stackoverflow.com question

<cffunction name="hmacEncrypt" returntype="binary" access="public" output="false">
   <cfargument name="signKey" type="string" required="true" />
   <cfargument name="signMessage" type="string" required="true" />


   <cfset var jMsg = JavaCast("string",arguments.signMessage).getBytes("iso-8859-1") />
   <cfset var jKey = JavaCast("string",arguments.signKey).getBytes("iso-8859-1") />

   <cfset var key = createObject("java","javax.crypto.spec.SecretKeySpec") />
   <cfset var mac = createObject("java","javax.crypto.Mac") />

   <cfset key = key.init(jKey,"HmacSHA1") />

   <cfset mac = mac.getInstance(key.getAlgorithm()) />
   <cfset mac.init(key) />
   <cfset mac.update(jMsg) />

   <cfreturn mac.doFinal() />
</cffunction>

<cfset result = hmacEncrypt("vibaHBXwUXFqVSg-+kTrqYJZEJkbVeqLc=bo.LlX", "vibaHBXwUXFqVSg-+kTrqYJZEJkbVeqLc=bo.LlXGET12505351831husu9039http://api.tineye.com/rest/search/image_url=http%3a%2f%2ftineye.com%2fimages%2ftineye_logo_big.png&limit=30&offset=10")>

<cfset x1 = toString(tobase64(result))>

This returns

nnNGYcnottyba0s975dpwA6IQ7g=

Any help appreciated.

like image 843
Brettski Avatar asked Jan 18 '23 13:01

Brettski

2 Answers

<cfset x1 = toString(tobase64(result))>

The other function is returning hex, not base64. Other than that it seems to work fine for me:

 <cfset x1 = binaryEncode(result, "hex")>
like image 156
Leigh Avatar answered Jan 25 '23 07:01

Leigh

The clue is in your expected output string: it contains only digits and lowercase letters. If you look closer, all the letters are in the range a-f. Therefore it is extremely likely that it is a hexadecimal string.

The last line of your example code encodes the result as base64, not hexadecimal. You can encode the result as hexadecimal by changing the last line to this:

<cfset x1 = binaryEncode(result,"hex")>

I ran the modified code and got

9E734661C9E8B6DC9B6B4B3DEF9769C00E8843B8

which is the uppercase version of your expected string.

like image 24
Boomerang Fish Avatar answered Jan 25 '23 07:01

Boomerang Fish
Sign in to Comment

Related questions

How does the receiver of a cipher text know the IV used for encryption?
REST authentication S3 like hmac sha1 signature vs symetric data encryption
How to make TLS connection from PHP in web server, and safely
Using a random salt in password encryption?
SSL key exchange encryption techniques [closed]
Rijndael Padding Error
Trying to understand salting and hashing passwords in Ruby on Rails
Breaking 224-bit Blowfish encryption
Implementing Bouncy Castle Cipher Algorithms with Android
How store salt in distributed environment
to encrypt php or make it "call home"
viewStateEncryptionMode="Always" not encrypting
Decrypting RSA using OpenSSL.NET with Existing Key
Compression/encryption algorithms output guarantees

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!