如何使用Base64编码执行HMAC-SHA1？

Question

I'm trying to setup an app to sign with my URLs so they may authenticate but I can't seem to figure out how to replicate the code that I'm trying from the following page: https://help.sendowl.com/help/signed-urls#example

order_id=12345&buyer_name=Test+Man&buyer_email=test%40test.com&product_id=123&signature=QpIEZjEmEMZV%2FHYtinoOj5bqAFw%3D

buyer_email=test@test.com&buyer_name=Test Man&order_id=12345&product_id=123

buyer_email=test@test.com&buyer_name=Test Man&order_id=12345&product_id=123&secret=t0ps3cr3t

publicStr&t0ps3cr3t

This is the steps:

1. First order the parameters (removing the signature) and unescape them:
2. Next append your Signing secret:
3. Generate the key to sign with:
4. Perform the HMAC-SHA1 digest with Base 64 encode: QpIEZjEmEMZV/HYtinoOj5bqAFw=

The following is what I tried but end up not getting the same result:

$signKey = "t0ps3cr3t";
$signData = "buyer_email=test@test.com&buyer_name=Test Man&order_id=12345&product_id=123&secret=t0ps3cr3t";

$passData = hash_hmac("sha1", $signData, base64_decode(strtr($signKey)), true);
$passData = base64_encode($passData);

echo $passData;

I keep getting x8NXmAmkNBPYCXwtj65mdVJ8lPc=

Answer 1

I was able to replicate with the following: took me a bit to figure out something so simple.. been coding for 11 hours straight.

Thanks.

$data = "buyer_email=test@test.com&buyer_name=Test Man&order_id=12345&product_id=123&secret=t0ps3cr3t";
$key = "publicStr&t0ps3cr3t";

$pass1 = hash_hmac('sha1', $data, $key, true);
$pass = base64_encode($pass1);

echo $pass;

$pass will return "QpIEZjEmEMZV/HYtinoOj5bqAFw=", the correct value.

Answer 2

$current_timestamp = Carbon::now()->timestamp;
    $signstring = "z001-line-anime-gif." . $current_timestamp . ".aaaabbbbccccdddd";
    $secret = 'STG-7f*(:hsM-1_eQ_ZD175QgEoJhI$:oR.zEQ<z';

    $sig = hash_hmac('sha1', $signstring, $secret);

    $signature = hex2bin($sig);

    $signature = base64_encode($signature);
    return $signature;