
Why HMAC sha256 return different value on PHP & Javascript

I am trying to build an HMAC SHA256 string in JavaScript using CryptoJS; my existing code is written in PHP using the Akamai library.

In some cases I am getting different results compared to PHP, and I am unable to understand why it is giving me different results.

    /* 
       <php> Using native hash_hmac
       Generating key by concatenating char 
    */ 

      $signature1 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63));
      $signature2 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63) . chr(23));
      $signature3 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63) . chr(23) . chr(253));

    /*
       here is result from php
       signature1 : 3e086bb48ab9aafa85661f9ce1b7dac49befddf117ce2a42d93c92b6abe513ce ( matched: same as JavaScript)
       signature2 : 3667dd414a50f68f7ce083e540f27f68f7d0f18617b1fb1e4788bffeaeab59f6( matched: same as JavaScript)
       signature3 : dd5a20041661046fdee871c8b9e77b3190fbbf85937c098090a1d524719b6aa9 ( not matched: diff from JavaScript)
    */


    /* 
       <JavaScript> using CryptoJS
       Generating key by concatenating three char 
    */ 

    var signature1 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63));
    var signature2 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63) + String.fromCharCode(23));
    var signature3 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63) + String.fromCharCode(23) + String.fromCharCode(253));

    /* 
       here is result from JavaScript
       signature1 : 3e086bb48ab9aafa85661f9ce1b7dac49befddf117ce2a42d93c92b6abe513ce ( matched: same as php)
       signature2 : 3667dd414a50f68f7ce083e540f27f68f7d0f18617b1fb1e4788bffeaeab59f6 ( matched: same as php)
       signature3 : 28075dc75de9f22f83e87772f09a89efb007f2e298167686832eff122ef6eb08 ( not matched: diff from php)
    */

The first two HMAC values match, but when I append the third char it produces different results. Can anyone please explain why this is?

Here is PHPFiddle & JSFiddle

Anil Gupta asked Jan 22 '16 07:01


1 Answer

CryptoJS applies UTF-8 encoding to the key when creating the SHA256 hash, which is why we are getting a different value.

If I wrap the key in utf8_encode on the PHP side, we get the same HMAC value as in JavaScript:

     // <php>
     $key = chr(63) . chr(23) . chr(253);
     // utf8_encode() converts byte 253 (ISO-8859-1) into its two-byte UTF-8 form
     $signature3 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", utf8_encode($key));

Anil Gupta answered Sep 19 '22 06:09
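The mismatch described in the answer, as an added example that is not part of the original post: it uses Node.js's built-in `crypto` module rather than CryptoJS, and the helper names (`keyAsRawBytes`, `keyAsUtf8`, `compare`, `assertKeyEncodingSafe`) are hypothetical. It shows that the key bytes diverge only once a value above 127 (here 253) is UTF-8 encoded into two bytes, and adds a guard a signer can use to reject string keys that would change silently.

```javascript
// Added example: helper names are hypothetical; uses Node's crypto, not CryptoJS.
const crypto = require('crypto');

const MESSAGE = 'st=1453362060~exp=1453363260~acl=/*'; // token string from the question

// Build the key the way the question does: one JS character per value.
function keyString(codes) {
  return String.fromCharCode(...codes);
}

// PHP's chr() yields one byte per value; 'latin1' maps code points 0-255 to that single byte.
function keyAsRawBytes(codes) {
  return Buffer.from(keyString(codes), 'latin1');
}

// A JS string key that is UTF-8 encoded: code points >= 0x80 become two bytes.
function keyAsUtf8(codes) {
  return Buffer.from(keyString(codes), 'utf8');
}

function hmacHex(keyBytes) {
  return crypto.createHmac('sha256', keyBytes).update(MESSAGE, 'utf8').digest('hex');
}

// Guard for signing code: refuse string keys whose bytes would change under UTF-8.
function assertKeyEncodingSafe(codes) {
  const bad = codes.filter((c) => c > 0x7f);
  if (bad.length > 0) {
    throw new RangeError(`key contains non-ASCII values ${bad.join(',')}; pass the key as bytes`);
  }
  return true;
}

// Compare both key encodings and the HMACs they produce for the same message.
function compare(codes) {
  const raw = keyAsRawBytes(codes);
  const utf8 = keyAsUtf8(codes);
  const rawHmac = hmacHex(raw);
  const utf8Hmac = hmacHex(utf8);
  return {
    rawKeyHex: raw.toString('hex'),
    utf8KeyHex: utf8.toString('hex'),
    rawHmac,
    utf8Hmac,
    match: rawHmac === utf8Hmac,
  };
}

for (const codes of [[63], [63, 23], [63, 23, 253]]) {
  console.log(codes, compare(codes));
}
```

Both sides of a signed-token exchange should agree on the key as a byte sequence (for example a hex string decoded to bytes) rather than as a text string, so that no implicit character encoding is applied.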