1. 首頁
  2. 問答
  3. 爲什麼HMAC sha256在PHP和Javascript上返回不同的值

爲什麼HMAC sha256在PHP和Javascript上返回不同的值

2016-01-22 292 views
3

我試圖在Javascript中使用CryptoJS構建HMAC SHA256字符串,我現有的代碼是使用Akamai庫在PHP中編寫的。爲什麼HMAC sha256在PHP和Javascript上返回不同的值

在某些情況下,我比PHP &得到不同的結果我無法理解爲什麼它給我不同的結果

/* 
     <php> Using native hash_hmac 
     Generating key by concatenating char 
    */ 

     $signature1 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63)); 
     $signature2 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63) . chr(23)); 
     $signature3 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63) . chr(23) . chr(253)); 

    /* 
     here is result from php 
     signature1 : 3e086bb48ab9aafa85661f9ce1b7dac49befddf117ce2a42d93c92b6abe513ce (matched: same as JavaScript) 
     signature2 : 3667dd414a50f68f7ce083e540f27f68f7d0f18617b1fb1e4788bffeaeab59f6(matched: same as JavaScript) 
     signature3 : dd5a20041661046fdee871c8b9e77b3190fbbf85937c098090a1d524719b6aa9 (not matched: diff from JavaScript) 
    */ 


    /* 
     <JavaScript> using CryptoJS 
     Generating key by concatenating three char 
    */ 

    var signature1 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63)); 
    var signature2 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63) + String.fromCharCode(23)); 
    var signature3 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63) + String.fromCharCode(23) + String.fromCharCode(253)); 

    /* 
     here is result from JavaScript 
     signature1 : 3e086bb48ab9aafa85661f9ce1b7dac49befddf117ce2a42d93c92b6abe513ce (matched: same as php) 
     signature2 : 3667dd414a50f68f7ce083e540f27f68f7d0f18617b1fb1e4788bffeaeab59f6 (matched: same as php) 
     signature3 : 28075dc75de9f22f83e87772f09a89efb007f2e298167686832eff122ef6eb08 (not matched: diff from php) 
    */

前兩個HMAC值相匹配,但是當我追加第三焦炭它產生不同的結果,任何人都可以解釋爲什麼這是。

這裏是
PHPFiddle & JSFiddle

來源

2016-01-22 Anil Gupta

回答

2

CryptoJS添加UTF8編碼中的 「鑰匙」,同時創造哈希SHA256,使我們得到不同的值。

如果我在PHP側包裹函數utf8_encode那麼我們將得到的比較JavaScript的

 // <php> 
    $key = chr(63) . chr(23) . chr(253); 
    signature3 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", utf8_encode($key));

來源

2016-01-22 11:14:48

+1

如何使CryptoJS獲得PHP的結果,而不是(反向)相同的HMAC值? – Raptor

相關問題

 相關問題