tags:

views:

369

answers:

3

I'm trying to create an HMAC in Ruby and then verify it in PHP.

Ruby:

require 'openssl'
message = "A522EBF2-5083-484D-99D9-AA97CE49FC6C,1234567890,/api/comic/aWh62,GET"
key     = "3D2143BD-6F86-449F-992C-65ADC97B968B"
hash    = OpenSSL::HMAC.hexdigest('sha256', message, key)
p hash

PHP:

<?php
  $message = "A522EBF2-5083-484D-99D9-AA97CE49FC6C,1234567890,/api/comic/aWh62,GET";
  $key     = "3D2143BD-6F86-449F-992C-65ADC97B968B";
  $hash    = hash_hmac("sha256", $message, $key);
  var_dump($hash);
?>

For the Ruby, I get: 20e3f261b762e8371decdf6f42a5892b530254e666508e885c708c5b0bfc03d3

For the PHP, I get: e5f6995ba1496b2fb144329b2d1b3b23c8fa3211486e57bfaec5d993a1da9d15

I and some colleagues are at a complete loss, any help would be greatly appreciated.

A: 

This is a long shot, but try using single quotes instead of double quotes in your PHP code.

Constant M
php is the party that gives correct results.
Michael Krelin - hacker
Shouldn't make a difference as there are no characters in the string that would be treated differently if it was in single quotes.
Daniel Vandersluis
+3  A: 

ruby's OpenSSL::HMAC.hexdigest expects first key and then message.

irb(main):002:0> OpenSSL::HMAC.hexdigest('sha256','3D2143BD-6F86-449F-992C-65ADC97B968B','A522EBF2-5083-484D-99D9-AA97CE49FC6C,1234567890,/api/comic/aWh62,GET')
=> "e5f6995ba1496b2fb144329b2d1b3b23c8fa3211486e57bfaec5d993a1da9d15"
Michael Krelin - hacker
Well, I'll be damned. Thanks:)
jimktrains
A: 

I have the same problem. I did input parameters in correct order, but I have difference:

Ruby:

>> OpenSSL::HMAC.hexdigest('sha256','49a40e1d5c24be8a6e7d566a05d346d0','eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyNzk4MTgwMDAsIm9hdXRoX3Rva2VuIjoiMTIxMTc2NDk3OTEwMTg5fDIuNlBKWkFNTFozOGcxaUZYMXdraUZwZ19fLjM2MDAuMTI3OTgxODAwMC02MjAzMDc1NDJ8UXd5MHVuZEJ2YVlSYnJWcDBFSkN4eGdVRjQ4LiIsInVzZXJfaWQiOiI2MjAzMDc1NDIifQ')

=> "88e0d97d68acf161407af5965ae1e33b1743dbc400af1cc8a2020d47f45ca83e"

PHP:

var_dump(hash_hmac('sha256','eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyNzk4MTA4MDAsIm9hdXRoX3Rva2VuIjoiMTIxMTc2NDk3OTEwMTg5fDIuNENNcl9UWV9OVnNKTmpSQlNzOGQ1QV9fLjM2MDAuMTI3OTgxMDgwMC02MjAzMDc1NDJ8eFg5QTBLRzRKbnNHNXZmQ2VaSGJpQmNJeE9vLiIsInVzZXJfaWQiOiI2MjAzMDc1NDIifQ','49a40e1d5c24be8a6e7d566a05d346d0',false));

$ string(64) "61c9a97bd820052765e1291708352acadb397ea15489bf8be18bd34f775cda1a"