为什么HMAC sha256在PHP&使用Javascript [英] Why HMAC sha256 return different value on PHP & Javascript

问题描述

我正在尝试使用CryptoJS在Javascript中构建一个HMAC SHA256字符串，我的现有代码是使用Akamai库用PHP编写的。

I am trying to build a HMAC SHA256 string in Javascript using CryptoJS, my existing code is written in PHP using the Akamai library.

在某些情况下我得到了与PHP相比，结果不同我无法理解为什么它会给我不同的结果

In some cases I am getting different results compared to PHP & I am unable to understand why it is giving me different results

    /* 
       <php> Using native hash_hmac
       Generating key by concatenating char 
    */ 

      $signature1 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63));
      $signature2 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63) . chr(23));
      $signature3 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", chr(63) . chr(23) . chr(253));

    /*
       here is result from php
       signature1 : 3e086bb48ab9aafa85661f9ce1b7dac49befddf117ce2a42d93c92b6abe513ce ( matched: same as JavaScript)
       signature2 : 3667dd414a50f68f7ce083e540f27f68f7d0f18617b1fb1e4788bffeaeab59f6( matched: same as JavaScript)
       signature3 : dd5a20041661046fdee871c8b9e77b3190fbbf85937c098090a1d524719b6aa9 ( not matched: diff from JavaScript)
    */


    /* 
       <JavaScript> using CryptoJS
       Generating key by concatenating three char 
    */ 

    var signature1 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63));
    var signature2 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63) + String.fromCharCode(23));
    var signature3 = CryptoJS.HmacSHA256("st=1453362060~exp=1453363260~acl=/*", String.fromCharCode(63) + String.fromCharCode(23) + String.fromCharCode(253));

    /* 
       here is result from JavaScript
       signature1 : 3e086bb48ab9aafa85661f9ce1b7dac49befddf117ce2a42d93c92b6abe513ce ( matched: same as php)
       signature2 : 3667dd414a50f68f7ce083e540f27f68f7d0f18617b1fb1e4788bffeaeab59f6 ( matched: same as php)
       signature3 : 28075dc75de9f22f83e87772f09a89efb007f2e298167686832eff122ef6eb08 ( not matched: diff from php)
    */

前两个HMAC值是匹配的但是当我追加第三个字符时它产生不同的结果，任何人都可以解释为什么这样。

First two HMAC values are matching but when I append the third char it produces different results, Can anyone please explain why this is.

这里是

PHPFiddle &安培;
JSFiddle

推荐答案

CryptoJS在创建哈希sha256时在Key中添加UTF8编码，以便我们获得不同的值。

CryptoJS add UTF8 encoding in "Key" while creating hash sha256 so that we are getting different value.

如果我将utf8_encode包装在PHP方面然后我们将获得与JavaScript相比相同的hmac值

If i wrap utf8_encode in PHP side then we will get same hmac value as compare to JavaScript

     // <php>
     $key = chr(63) . chr(23) . chr(253);
     signature3 = hash_hmac('SHA256', "st=1453362060~exp=1453363260~acl=/*", utf8_encode($key));

这篇关于为什么HMAC sha256在PHP&使用Javascript的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！