hash_hmac在使用纯传统的ASP [英] hash_hmac in using pure classic ASP

问题描述

我想知道，有没有什么办法来实现 hash_hmac（SHA256，$令牌，$ signkey，真实）（PHP）在传统的ASP？

我需要它verificate从Facebook的signed_request
https://developers.facebook.com/docs/howtos/login/signed-请求/

  //添加下面的signed_request验证
$ expected_sig = hash_hmac（'SHA256'，$有效载荷，$秘密，$原料= TRUE）;
如果（$ SIG！== $ expected_sig）{
  error_log中（坏签名JSON签名！'）;
  返回null;
}
 

解决方案

我一直在使用一个文件我在Amazon论坛找到。这是螺纹：
<一href=\"https://forums.aws.amazon.com/message.jspa?messageID=147377\">https://forums.aws.amazon.com/message.jspa?messageID=147377

它使用的.wsc文件，它仅仅是一个JScript文件定义了一个对象，你可以在你的ASP code使用。像这样的：

 '###一定有sha256.wsc在同一文件夹作为此脚本
    昏暗的SHA256
    设置SHA256 = GetObject的（脚本：＆放大器;使用Server.Mappath（sha256.wsc））
    sha256.hexcase = 0    昏暗的结果
    结果= sha256.b64_hmac_sha256（SecretKey的，stringtosign）
 

这是原本是用来签署要求亚马逊API的文件。至于原因，我不明白，这包括在的.wsc文件中这一行code的：

  D = d.replace（/ \\ s /克，\\ n）;
 

这个转换的所有空格字符，包括空格，以'\\ n'。很难相信空间需要转换成\\ n。无论如何，我不得不注释掉此行，使code为我工作！和它的工作。我一直在使用了一段时间没有问题的。

从sha256.wsc文件：

  / *
 *一个JavaScript实现安全散列算法，SHA-256，定义
 *在FIPS 180-2
 * 2.2版版权所有天使马林，保罗·约翰斯顿2000  -  2009。
 *其他贡献者：格雷格·霍尔特，安德鲁Kepert，Ydnar，Lostinet
 *在BSD许可证下发布
 *请参阅http://pajhome.org.uk/crypt/md5了解详情。
 *由丹尼尔·奥马利改编成WSC用于传统的ASP
 *（基于由Erik Oosterwaal的SHA-1为例）
 *与亚马逊产品广告API的使用
 * /
 

直接链接到sha256.wsc文件：
<一href=\"https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc\">https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc

我一直无法找到一个官方下载网站。

I want to know, is there any way to achieve hash_hmac("sha256", $token, $signkey, true) (php) in classic ASP?

I need it to verificate the signed_request from Facebook https://developers.facebook.com/docs/howtos/login/signed-request/

// Adding the verification of the signed_request below
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); 
if ($sig !== $expected_sig) {
  error_log('Bad Signed JSON signature!');
  return null;
}

解决方案

I have been using a file I found on an Amazon forum. This is the thread: https://forums.aws.amazon.com/message.jspa?messageID=147377

It uses a .wsc file, which is just a JScript file that defines a object you can use in your ASP code. Like this:

' ### be sure to have sha256.wsc in the same folder as this script
    Dim sha256
    Set sha256 = GetObject( "script:" & Server.MapPath("sha256.wsc") )
    sha256.hexcase = 0

    Dim result
    result = sha256.b64_hmac_sha256( secretkey, stringtosign )

This is a file which was originally used to sign request to the Amazon API. For reasons I don't understand this included this line of code in .wsc file:

d=d.replace ( /\s/g, "\n");

This converts all whitespace characters, including spaces, to '\n'. Hard to believe that spaces need to be converted to "\n". Anyway, I had to comment out this line to make the code work for me! And it does work. I have been using it for a while without problems.

From the sha256.wsc file:

/*
 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
 * in FIPS 180-2
 * Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
 * Distributed under the BSD License
 * See http://pajhome.org.uk/crypt/md5 for details.
 * Adapted into a WSC for use in classic ASP by Daniel O'Malley
 * (based on an SHA-1 example by Erik Oosterwaal)
 * for use with the Amazon Product Advertising API
 */

Direct link to the sha256.wsc file: https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc

I have been unable to find an official download site.

这篇关于hash_hmac在使用纯传统的ASP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！