If you target iOS 13.0+ or macOS 10.15+, use Apple’s CryptoKit import CryptoKit let secretString = “my-secret” let key = SymmetricKey(data: Data(secretString.utf8)) let string = “An apple a day keeps anyone away, if you throw it hard enough” let signature = HMAC<SHA256>.authenticationCode(for: Data(string.utf8), using: key) print(Data(signature).map { String(format: “%02hhx”, $0) }.joined()) // 1c161b971ab68e7acdb0b45cca7ae92d574613b77fca4bc7d5c4effab89dab67
HmacSHA1 seems to be the algorithm name you need: SecretKeySpec keySpec = new SecretKeySpec( “qnscAdgRlkIhAUPY44oiexBKtQbGY0orf7OV1I50”.getBytes(), “HmacSHA1”); Mac mac = Mac.getInstance(“HmacSHA1”); mac.init(keySpec); byte[] result = mac.doFinal(“foo”.getBytes()); BASE64Encoder encoder = new BASE64Encoder(); System.out.println(encoder.encode(result)); produces: +3h2gpjf4xcynjCGU5lbdMBwGOc= Note that I’ve used sun.misc.BASE64Encoder for a quick implementation here, but you should probably use something that doesn’t depend on the Sun … Read more
There is no way to send a password securely that the user can verify without SSL. Sure, you can write some JavaScript that will make a password secure for over-the-wire transmission through hashing or public-key-encryption. But how can the user be sure that the JavaScript itself has not been tampered with by a man-in-the-middle before … Read more
Use hash_hmac: $sig = hash_hmac(‘sha256’, $string, $secret); Where $secret is your key.
The simplest way can be – private static final String HMAC_SHA512 = “HmacSHA512”; private static String toHexString(byte[] bytes) { Formatter formatter = new Formatter(); for (byte b : bytes) { formatter.format(“%02x”, b); } return formatter.toString(); } public static String calculateHMAC(String data, String key) throws SignatureException, NoSuchAlgorithmException, InvalidKeyException { SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(), HMAC_SHA512); Mac … Read more
In fact they do agree. As Hans Doggen already noted PHP outputs the message digest using hexadecimal notation unless you set the raw output parameter to true. If you want to use the same notation in Java you can use something like for (byte b : digest) { System.out.format(“%02x”, b); } System.out.println(); to format the … Read more
Pseudocodish: def sign_request(): from hashlib import sha1 import hmac # key = b”CONSUMER_SECRET&” #If you dont have a token yet key = b”CONSUMER_SECRET&TOKEN_SECRET” # The Base String as specified here: raw = b”BASE_STRING” # as specified by OAuth hashed = hmac.new(key, raw, sha1) # The signature return hashed.digest().encode(“base64”).rstrip(‘\n’) Signature errors usually reside in the base-string, … Read more
Here’s how you generate an HMAC using SHA-256: NSString *key; NSString *data; const char *cKey = [key cStringUsingEncoding:NSASCIIStringEncoding]; const char *cData = [data cStringUsingEncoding:NSASCIIStringEncoding]; unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH]; CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), cData, strlen(cData), cHMAC); NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)]; NSString *hash = [HMAC base64Encoding]; I’m not aware of an HOTP library, but the algorithm … Read more