West Wind Internet and Client Tools
wwEncrypt HMACSHA256
Gravatar is a globally recognized avatar based on your email address. wwEncrypt HMACSHA256
  Todd Landrum
  May 23, 2017 @ 07:39am

I'm trying to do a HMAC SHA256 encryption and can't seem to get the right answer. Using VFPEncryption.FLL, I do get what the service says is the "right" answer. Here's the code

DO prog\wwEncryption

LOCAL oEncrypt, oUtils
oEncrypt = CREATEOBJECT("wwEncryption")

LOCAL lcURLEncode, lcAPIKey, lcHash
lcAPIKey = "b1bdb357ced10fe4e9a69840cdd4f0e9c03d77fe"
lcURLEncode = "Action=FeedList&Format=XML&Timestamp=2015-07-01T11%3A11%3A11%2B00%3A00&UserID=look%40me.com&Version=1.0"

* Westwind
lcHash = oEncrypt.ComputeHash(lcURLEncode,"HMACSHA256", lcAPIKey)
?"Hash Westwind", lcHash

* VFPEncryption.fll
SET LIBRARY TO vfpencryption.fll addi
lcHash = hmac(lcURLEncode, lcAPIKey, 2)  && 2 = HMACSHA256
?"VFPEncrypt", STRCONV(lcHash, 15)  && Convert to hex binary

Westwind returns: yvuNsshkEaYojVqBDgsktg==

VFPEncryption returns: 3CEB8ED91049DFC718B0D2D176FB2ED0E5FD74F76C5971F34CDAB48412476041

Gravatar is a globally recognized avatar based on your email address. re: wwEncrypt HMACSHA256
  Rick Strahl
  Todd Landrum
  May 23, 2017 @ 10:50am

Hi Todd,

There's a bug in the HMAC algorithm in that it adds the salt both to the algorithm for processing and to the data (which is what the salt does for all the other algos).

There's a bit more info in this thread: https://support.west-wind.com/Thread4X20165EC.wwt

The fix requires a change in wwdotnetbridge.dll (fixed but not published) at the moment.

+++ Rick ---

© 1996-2018