tags:

views:

2681

answers:

7
+1  Q: 

iPhone and HMAC-SHA-1 encoding

im trying to get a call to amazon web service and im stuck on getting the signature, looked at this but i still have a question on it.

using this example what is the 

NSData *keyData;
NSData *clearTextData

? what do i need to pass for these two values? 

/*
  inputs:
  NSData *keyData;
  NSData *clearTextData
*/

uint8_t digest[CC_SHA1_DIGEST_LENGTH] = {0};

CCHmacContext hmacContext;
CCHmacInit(&hmacContext, kCCHmacAlgSHA1, keyData.bytes, keyData.length);
CCHmacUpdate(&hmacContext, clearTextData.bytes, clearTextData.length);
CCHmacFinal(&hmacContext, digest);

NSData *out = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH]
A: 

Take a look at CocoaCryptoHashing for the SHA1 encoding

catlan  2009-04-09 20:24:51
+1  A: 

If you are calling the Amazon web service too look up prices or product details, your Amazon web service key will be disabled and your app will stop working.

Look at the terms of service of the Amazon Web Services, use by mobile clients is strictly disallowed:

https://affiliate-program.amazon.com/gp/advertising/api/detail/agreement.html

I found this out the hard way when my own application had my AWS key disabled in a production app. I had read the TOS, but it was not really there as you can see by the link above to some other obscure detail of use. You wouldn't think the affiliate program would have anything to do with the API, but it does.

You can find details of other apps blocked at this TechCrunch article:

http://www.techcrunch.com/2009/07/07/amazon-killing-mobile-apps-that-use-its-data/

Just giving you a heads up and hopefully saving you a lot of work.

Kendall Helmstetter Gelner  2009-04-10 04:51:28
Where does it say "use by mobile clients is strictly disallowed" http://aws.amazon.com/agreement/?
jeff7091  2009-11-08 09:36:41
I know from the actual experience of using the AWS and having Amazon revoke my key from a production app. I managed to find the clause once, but I can't find it again - annoyingly it was not in the AWS TOS you linked to (I had read through that before I even started developing)
Kendall Helmstetter Gelner  2009-11-08 23:06:22
I added links with more detail proving my point. Anyone care to remove the downvote since I am in fact being helpful and not misleading after all?
Kendall Helmstetter Gelner  2009-11-09 01:35:17
A: 

I posted one solution to this here, that returns the Base64 encoded data that AWS requests.

Alex Reynolds  2009-06-04 18:04:01
+6  A: 

I just spent like 4 hours Googling and looking for ways to calculate an unkeyed SHA1 on the iPhone that would match the results of the sha1() function in php. Here was the result:

    NSString *hashkey = <your data here>;
// PHP uses ASCII encoding, not UTF
const char *s = [hashkey cStringUsingEncoding:NSASCIIStringEncoding];
NSData *keyData = [NSData dataWithBytes:s length:strlen(s)];

// This is the destination
uint8_t digest[CC_SHA1_DIGEST_LENGTH] = {0};
// This one function does an unkeyed SHA1 hash of your hash data
CC_SHA1(keyData.bytes, keyData.length, digest);

// Now convert to NSData structure to make it usable again
NSData *out = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];
// description converts to hex but puts <> around it and spaces every 4 bytes
NSString *hash = [out description];
hash = [hash stringByReplacingOccurrencesOfString:@" " withString:@""];
hash = [hash stringByReplacingOccurrencesOfString:@"<" withString:@""];
hash = [hash stringByReplacingOccurrencesOfString:@">" withString:@""];
// hash is now a string with just the 40char hash value in it

Hopefully this will help others who are struggling with SHA1 on the iPhone

KeithF  2009-07-05 17:41:34
This helped me a lot. Thanks! I posted my code too!
Eonil  2010-05-06 05:15:34
magnificent work!!!!
sukitha  2010-08-10 11:56:22
this is so awesome! it only took me 30 mins to an hour or so of googling to find this (as opposed to 4) so thanks a ton!! :)
taber  2010-10-20 01:50:46
A: 

I just needed to SHA1-encrypt a password for a login procedure. The code works perfectly, thanks a lot, KeithF!

Lex  2009-11-13 18:51:33
A:  
// This is my code used in my Twitter connection, and working well for me.
// KeithF's code was a big help!
//
// This is a category added to NSData.

@implementation NSData (EOUtil)
- (NSData*)dataByHmacSHA1EncryptingWithKey:(NSData*)key
{   
    void* buffer = malloc(CC_SHA1_DIGEST_LENGTH);
    CCHmac(kCCHmacAlgSHA1, [key bytes], [key length], [self bytes], [self length], buffer);
    return [NSData dataWithBytesNoCopy:buffer length:CC_SHA1_DIGEST_LENGTH freeWhenDone:YES];
}
@end
Eonil  2010-05-06 05:17:43
A: 

Hi, thought I would lend a thought to the alleged banning of mobile apps by amazon:

First off they don't say they are banning mobile apps, they say specifically:

(e) You will not, without our express prior written approval, use any Product Advertising Content on or in connection with any site or application designed or intended for use with a mobile phone or other handheld device.

In other words you will not mention anything Amazon in an app that generates affiliate revenue. I already had an amusing (in my view) conversation with how it would appear that the affiliate program itself then is inherently violating their policies, as one cannot advertise their products without mentioning them now can they? (I was exaggerating other parts of the terms where it pretty much does the same thing to websites, and you have to remember, I was given my 1 and only warning after selling 20 book readers that may or may not have anything to do with Amazon and is in no way related to a Kanoodle, in 12 hours, but hey rules are rules, I mean s***, the federal law outlawing "interstate transport of woman for immoral purposes" is the reason I don't date anything but homeless girls without a car, I'm Johny Law, whatever you say Amazon, Mr. Amazon sir).

But that is neither here nor there, on this one, that guy is wrong, Amazon will not as a general principal it appears, delete your account, ban you, exile you to availability zone antartica (always use A there, B is freeeezing), etc. for developing a mobile app --- just don't mess with the affiliate program. And trust me, they are determined to effectively kill that thing off one way or another (yes the affiliate program, and no I don't have any idea why, ask them...).

no kindle for me  2010-09-06 21:52:20

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode