0

I am con verting PHP code to Rails code and i am facing issues generating signature using base64_encode and hash_mac. The signature generated in php is 48 in length and while in Rails its in different length but fixed.

For example in PHP the signature is Jth7QaN%2F2eCMZxqjZRP%2FZ%2F%2FtKcHHkGf%2F6XB8xPBvp3I%3D

and in rails is 4ZC7dPRWHl6%2BzDcw9pDnfo2MMRCMNSvTZ8a7a6iPo6Q%3D%0A

How can i convert the below code to Rails

PHP Code:

return base64_encode(
    hash_hmac('sha256', $data, $key, true)
);

Below is the Rails code i am using, but the singatures generated are of different length

Rails Code:

signature_val = Base64.encode64(OpenSSL::HMAC.digest('sha256', key, data))

Can anyone help me to convert the PHP code to Correct Rails code, so that i can generate the signature properly.

Thanks.

opensource-developer
  • 2,826
  • 4
  • 38
  • 88
  • The signature shouldn’t be changing length, a fixed length digest is (part of) the point. Can you give examples where you are getting different lengths? Also what hash algorithm are you using in PHP, is it SHA256 as well? – matt Sep 29 '15 at 12:23
  • hi sry, you were correct, the digest length is fixed, and yes PHP also used sha256. Have edited my question accordingly – opensource-developer Sep 29 '15 at 12:29
  • How different are they? I’m getting the same results except Ruby is adding a line feed at the end. (Try `Base64.strict_encode` to have Ruby not add line feeds). – matt Sep 29 '15 at 12:49
  • this is what i am getting in ruby 4ZC7dPRWHl6%2BzDcw9pDnfo2MMRCMNSvTZ8a7a6iPo6Q%3D%0A and this is in php Jth7QaN%2F2eCMZxqjZRP%2FZ%2F%2FtKcHHkGf%2F6XB8xPBvp3I%3D – opensource-developer Sep 29 '15 at 12:57
  • `encode64` isn’t going to give you `%` in the output. – matt Sep 29 '15 at 13:02
  • If you URI unescape both of those values they are both the same length. You’re escaping your results after base 64 encoding them, so the length will differ depending on how many `/` and `+` there are. – matt Sep 29 '15 at 13:07
  • hello matt, so will URI unescape resolve the issue? – opensource-developer Sep 29 '15 at 13:23
  • You need to refine your question. The PHP and Ruby code you’ve given won’t produce the outputs the show – there must be something more going on (the URI escaping). – matt Sep 29 '15 at 13:33
  • Actually when i check the PHP code, the spaces are encoded as %20 and @ is encoded as %40 when parameters are sent and when i am generting the same in ruby using URI.encode_www_form(params) they are not, may be that could be the reason the signatures are not proper? – opensource-developer Sep 29 '15 at 13:42

1 Answers1

1

You can use the next line if you want to simulate the true part for hmac (the fourth parameter):

 OpenSSL::HMAC.digest(digest, key, data)

and the next line for false:

OpenSSL::HMAC.hexdigest(digest, key, data)

where

key = 'key'
data = 'The quick brown fox jumps over the lazy dog'
digest = OpenSSL::Digest.new('sha1') # replace sha1 with whatever you want

resource is here

Amr Adel
  • 574
  • 1
  • 7
  • 18