Calculate HMAC-SHA256 digest in Coldfusion using Java

Question

We are trying to calculate a HMAC-SHA256 digest in Coldfusion and we are using the HMAC CFC, but in one case it is producing a different result for the digest compared to ones generated in different languages - have tried the same data using Ruby & PHP and get the expected result. I have also tried the CF_HMAC custom tag it is based on and get the same results.

I understand that from CF8 encrypt() supports HMAC-SHA256, but it's only available in Enterprise (which we don't have) and isn't even available in developer version for me to test.

So my question is can I do this by accessing Java from CF?

Answer 1

This is what I ended up doing:

secret = createObject('java', 'javax.crypto.spec.SecretKeySpec' ).Init(my_key.GetBytes(), 'HmacSHA256');
mac = createObject('java', "javax.crypto.Mac");
mac = mac.getInstance("HmacSHA256");
mac.init(secret);
digest = mac.doFinal(my_key.GetBytes());

This gives you the byte array, which you can then convert to a string.

Answer 2

Should that last line be

digest = mac.doFinal(my_key.GetBytes());