Ruby and PHP HMACs not agreeing

前端 未结 2 1350
无人共我
无人共我 2021-02-05 20:35

I\'m trying to create an HMAC in Ruby and then verify it in PHP.

Ruby:

require \'openssl\'
message = \"A522EBF2-5083-484D-99D9-AA97CE49FC6C,1234567890,/a         


        
相关标签:
2条回答
  • 2021-02-05 20:50

    ruby's OpenSSL::HMAC.hexdigest expects first key and then message.

    irb(main):002:0> OpenSSL::HMAC.hexdigest('sha256','3D2143BD-6F86-449F-992C-65ADC97B968B','A522EBF2-5083-484D-99D9-AA97CE49FC6C,1234567890,/api/comic/aWh62,GET')
    => "e5f6995ba1496b2fb144329b2d1b3b23c8fa3211486e57bfaec5d993a1da9d15"
    
    0 讨论(0)
  • 2021-02-05 21:01

    I noticed that

    hash = HMAC::SHA256(key) 
    hash << a
    hash << b
    hash << c
    

    gives different result than PHP's

    hash_hmac('sha256',$a.$b.$c, $key)
    

    beware of this caveat. To get correct, just do

    hash = HMAC::SHA256(key)
    hash << "#{a}#{b}#{c}"
    
    0 讨论(0)
提交回复
热议问题