How to perform HMAC-SHA1 with Base64 Encode?

Question

I'm trying to setup an app to sign with my URLs so they may authenticate but I can't seem to figure out how to replicate the code that I'm trying from the following page: https://help.sendowl.com/help/signed-urls#example

order_id=12345&buyer_name=Test+Man&buyer_email=test%40test.com&product_id=123&signature=QpIEZjEmEMZV%2FHYtinoOj5bqAFw%3D

[email protected]&buyer_name=Test Man&order_id=12345&product_id=123

[email protected]&buyer_name=Test Man&order_id=12345&product_id=123&secret=t0ps3cr3t

publicStr&t0ps3cr3t

This is the steps:

1. First order the parameters (removing the signature) and unescape them:
2. Next append your Signing secret:
3. Generate the key to sign with:
4. Perform the HMAC-SHA1 digest with Base 64 encode: QpIEZjEmEMZV/HYtinoOj5bqAFw=

The following is what I tried but end up not getting the same result:

$signKey = "t0ps3cr3t";
$signData = "[email protected]&buyer_name=Test Man&order_id=12345&product_id=123&secret=t0ps3cr3t";

$passData = hash_hmac("sha1", $signData, base64_decode(strtr($signKey)), true);
$passData = base64_encode($passData);

echo $passData;

I keep getting x8NXmAmkNBPYCXwtj65mdVJ8lPc=

Answer 1

I was able to replicate with the following: took me a bit to figure out something so simple.. been coding for 11 hours straight.

Thanks.

$data = "[email protected]&buyer_name=Test Man&order_id=12345&product_id=123&secret=t0ps3cr3t";
$key = "publicStr&t0ps3cr3t";

$pass1 = hash_hmac('sha1', $data, $key, true);
$pass = base64_encode($pass1);

echo $pass;

$pass will return "QpIEZjEmEMZV/HYtinoOj5bqAFw=", the correct value.