0

I am following the below steps to compute the HMAC using SHA1 algorithm using two different API and both the outputs are not matching.

1) I first compute HMAC for a given data and key using SHA1 algorithm through BouncyCastle API.

2) We compute HMAC for the data and key inside the HSM(Thales) using PKCS11 API(Pkcs11Interop).

When we compared the results of 1 and 2 the data does not match.

Bouncy Castle code:

        HMAC hmac = HMACSHA1.Create();

        String key = "BC55B4580589775F887890A7ACA5E624";

        hmac.Key = Util.HexStringToByteArray(key);

        byte[] modInput = Util.HexStringToByteArray("000000000000000000000006000080012b0601040181e438010102041603");

        String ki = Util.ByteArrayToHexString(hmac.ComputeHash(modInput));

PKCS11 code:

       ObjectHandle k = FindObjectByLabel(keyLabel);//same key as above

       Mechanism m = new Mechanism(CKM.CKM_SHA_1_HMAC);

      **//We have verified that both key and data value are the same**
      return mSession.Connection.Sign(m, k, data);

Can anyone please help on this?

Alexandre Fenyo
  • 4,526
  • 1
  • 17
  • 24
Venkat
  • 19
  • 2
  • What were the two outputs? How did you compare the two keys and data values? – David Schwartz Sep 05 '17 at 21:39
  • 1
    Could you please create [MCVE](https://stackoverflow.com/help/mcve) console app that imports the key into HSM, then uses the same key for HMAC operation via both APIs and compares the result? – jariq Sep 05 '17 at 21:41

0 Answers0