How can I generate a HmacSHA256 signature of a string
Use hash_hmac
:
$sig = hash_hmac('sha256', $string, $secret)
Where $secret
is your key.
HMAC sha256 in PHP does not return output in hex and with dash (-)
Output format for hash hmac sha256 on php is not exactly identical with c#. Here is example of php's hash hmac sha256: https://stackoverflow.com/a/2708000/3706717
string '07a932dd17adc59b49561f33980ec5254688a41f133b8a26e76c611073ade89b' (length=64)
You just need to convert it to c#'s format
- add a dash every 2 character
- transform to uppercase
$string = '07a932dd17adc59b49561f33980ec5254688a41f133b8a26e76c611073ade89b';
$string = strtoupper($string);
$arr = str_split($string, 2);
$string = implode("-", $arr);
var_dump($string);
output:
string(95) "07-A9-32-DD-17-AD-C5-9B-49-56-1F-33-98-0E-C5-25-46-88-A4-1F-13-3B-8A-26-E7-6C-61-10-73-AD-E8-9B"
assuming the plaintext and secret is the same, the output of both c# and php (transformed by code above) should be equal string.
HMAC-SHA-256 in PHP
There's a couple of things to notice:
- Your key is base64-encoded. You have to decode it before you could use it with php functions. That's the most important thing you have missed.
- Mhash is obsoleted by Hash extension.
- You want output to be encoded in a custom fashion, so it follows that you need raw output from hmac function (php, by default, will hex-encode it).
So, using hash extension this becomes:
$key = "LRH9CAkNs-zoU3hxHbrtY0CUUcmqzibPeN7x6-vwNWQ=";
$str = "kki98hkl-u5d0-w96i-62dp-xpmr6xlvfnjz:20151110171858:b2c13532-3416-47d9-8592-a541c208f755:hKSeRD98BHngrNa51Q2IgAXtoZ8oYebgY4vQHEYjlmzN9KSbAVTRvQkUPsjOGu4F";
function encode($data) {
return str_replace(['+', '/'], ['-', '_'], base64_encode($data));
}
function decode($data) {
return base64_decode(str_replace(['-', '_'], ['+', '/'], $data));
}
$binaryKey = decode($key);
var_dump(encode(hash_hmac("sha256", $str, $binaryKey, true)));
Outputs:
string(44) "P-WgZ8CqV51aI-3TncZj5CpSZh98PjZTYxrvxkmQYmI="
C# HMACSHA256 equivalent in PHP
This should do the trick:
string result = createSignature("AABBCC", 0, "1", "mykey");
// FFB95E1E991734F1C2AE0B7C7ACECFAA5D3BEE943189539C3439B344A9A82E39
Console.WriteLine(result);
<?php
$nonce = 0;
$customer = '1';
$api_key = 'mykey';
$api_secret = hex2bin('AABBCC');
$string = $nonce . $customer . $api_key;
$signature = strtoupper(hash_hmac('sha256', $string, $api_secret));
// FFB95E1E991734F1C2AE0B7C7ACECFAA5D3BEE943189539C3439B344A9A82E39
echo $signature;
Using JavaScipt for calculating HMAC-SHA256 signature
The key is processed as a hexadecimal encoded string in the PHP and Java code, but not in the NodeJS code. To do the same in the NodeJS code, replace 'abc123'
with Buffer.from('abc123', 'hex')
in the createHmac
call.
Related Topics
I Have a Base64 Encoded Png, How to Write the Image to a File in PHP
Check If Laravel Model Got Saved or Query Got Executed
Can't Make Laravel 4 to Work on Localhost
Group Array Values Based on Key in PHP
Recursive Function to Get All the Child Categories
Get Total Time Difference Between Two Dates Using PHP
Sql_Calc_Found_Rows/Found_Rows() Does Not Work in PHP
How to Consume a Wcf Web Service That Uses Custom Username Validation with a PHP Page
Get Date for Monday and Friday for the Current Week (Php)
How to Remove Empty Paragraph Tags from String
How to Search Through a JSON Array in PHP
PHP Soap Client for Uk Mail Webservice API
Sending Correct File Size with PHP Download Script