Generate signature in Elixir and PHP using hmac

Question

I try to generate a signature using Elixir, which has a same value as PHP does.

For example the code in PHP is

$signature = base64_encode(hash_hmac("sha256", "abc", "def"));

and the output will be

Mzk3ZjQ2NzM0MWU0ZDc4YzQ3NDg2N2VmMzI2MWNkYjQ2YzBlMTAzNTFlOWE5ODk5NjNlNmNiMmRjZTQwZWU1ZA==

How should I generate the signature that has the same value in Elixir. I tried something like below

iex(9)> :crypto.hmac(:sha256, "abc", "def") |> Base.encode64                          │
"IOvA8JNERwE081BA9j6pix2OQUISlJ7lxQBCnRXqsIE="

iex(10)> :crypto.hash(:sha256, :crypto.hmac(:sha256, "abc", "def")) |> Base.encode64  │
"dxGiPN6KqBJrtS2wlC4tnJXwUsWf4u1LPDtDFK+VT5A="

or I switch the position of abc and def

iex(11)> :crypto.hash(:sha256, :crypto.hmac(:sha256, "def", "abc")) |> Base.encode64  │
"b+3P5oHu8e6HIlJe2MzcGhKm7tCcF/NE5wPIbEhrFGU="

iex(12)> :crypto.hmac(:sha256, "def", "abc") |> Base.encode64                         │
"OX9Gc0Hk14xHSGfvMmHNtGwOEDUempiZY+bLLc5A7l0="

But none of them has the same value. Can someone tell me how to do it the right way?

score 4 · Accepted Answer · answered Sep 16 '15 at 07:40

4

The main problem is that hash_hmac returns a hex string, while :crypto.hmac returns a binary.

The equivalent code in Elixir is:

iex(1)> :crypto.hmac(:sha256, "def", "abc") |> Base.encode16 |> String.downcase |> Base.encode64
"Mzk3ZjQ2NzM0MWU0ZDc4YzQ3NDg2N2VmMzI2MWNkYjQ2YzBlMTAzNTFlOWE5ODk5NjNlNmNiMmRjZTQwZWU1ZA=="

We need to use String.downcase because Base.encode16 returns a hex string with capital A-F while PHP's hash_hmac returns lower case a-f.

answered Sep 16 '15 at 07:40

Dogbert

212,659
41
396
397

4

After check out the document, I found out I can do it like `...|> Base.encode16(case: :lower) |> Base.encode64` without `String.downcase` – 王志軍 Sep 16 '15 at 08:11

Generate signature in Elixir and PHP using hmac

1 Answers1

Linked