Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Coldfusion HMAC-SHA1 encryption

There is an example HMAC-SHA1 here that works in javascript

http://jssha.sourceforge.net/

Text to encrypt

vibaHBXwUXFqVSg-+kTrqYJZEJkbVeqLc=bo.LlXGET12505351831husu9039http://api.tineye.com/rest/search/image_url=http%3a%2f%2ftineye.com%2fimages%2ftineye_logo_big.png&limit=30&offset=10

Key

vibaHBXwUXFqVSg-+kTrqYJZEJkbVeqLc=bo.LlX

Output

9e734661c9e8b6dc9b6b4b3def9769c00e8843b8

Issue

I can't however duplicate the output in Coldfusion. I'm using a function from a previous Stackoverflow.com question

<cffunction name="hmacEncrypt" returntype="binary" access="public" output="false">
   <cfargument name="signKey" type="string" required="true" />
   <cfargument name="signMessage" type="string" required="true" />


   <cfset var jMsg = JavaCast("string",arguments.signMessage).getBytes("iso-8859-1") />
   <cfset var jKey = JavaCast("string",arguments.signKey).getBytes("iso-8859-1") />

   <cfset var key = createObject("java","javax.crypto.spec.SecretKeySpec") />
   <cfset var mac = createObject("java","javax.crypto.Mac") />

   <cfset key = key.init(jKey,"HmacSHA1") />

   <cfset mac = mac.getInstance(key.getAlgorithm()) />
   <cfset mac.init(key) />
   <cfset mac.update(jMsg) />

   <cfreturn mac.doFinal() />
</cffunction>

<cfset result = hmacEncrypt("vibaHBXwUXFqVSg-+kTrqYJZEJkbVeqLc=bo.LlX", "vibaHBXwUXFqVSg-+kTrqYJZEJkbVeqLc=bo.LlXGET12505351831husu9039http://api.tineye.com/rest/search/image_url=http%3a%2f%2ftineye.com%2fimages%2ftineye_logo_big.png&limit=30&offset=10")>

<cfset x1 = toString(tobase64(result))>

This returns

nnNGYcnottyba0s975dpwA6IQ7g=

Any help appreciated.

like image 843
Brettski Avatar asked Jan 18 '23 13:01

Brettski


2 Answers

<cfset x1 = toString(tobase64(result))>

The other function is returning hex, not base64. Other than that it seems to work fine for me:

 <cfset x1 = binaryEncode(result, "hex")>
like image 156
Leigh Avatar answered Jan 25 '23 07:01

Leigh


The clue is in your expected output string: it contains only digits and lowercase letters. If you look closer, all the letters are in the range a-f. Therefore it is extremely likely that it is a hexadecimal string.

The last line of your example code encodes the result as base64, not hexadecimal. You can encode the result as hexadecimal by changing the last line to this:

<cfset x1 = binaryEncode(result,"hex")>

I ran the modified code and got

9E734661C9E8B6DC9B6B4B3DEF9769C00E8843B8

which is the uppercase version of your expected string.

like image 24
Boomerang Fish Avatar answered Jan 25 '23 07:01

Boomerang Fish