堆栈内存溢出
  简体   繁体   English

为什么我的crypto.createHmac()为相同的输入生成不同的HMAC?

[英]Why does my crypto.createHmac() generate a different HMAC for the same input?

 原文  2018-07-11 16:20:01       encryption/ cryptography/ php/ javascript/ hmac

问题描述

I am trying to match the HMAC in Node.js to the HMAC in PHP for API authorization. 我正在尝试将Node.js中的HMAC与PHP中的HMAC匹配以进行API授权。 The problem is in Node.js, the createHmac() function generates a different HMAC for the same input, and therefore does not match with the HMAC in PHP. 问题出在Node.js中,createHmac()函数为相同的输入生成不同的HMAC,因此与PHP中的HMAC不匹配。

Here is my JS code: 这是我的JS代码: 

events: {
  proxyReq: (proxyReq, req) => {
    const API_KEY = 125;
    const API_SECRET_KEY = 'abc';

    let hmac = crypto.createHmac('sha512', API_SECRET_KEY);
    hmac.update('0');
    const s = hmac.digest('base64');

    proxyReq.setHeader('x-api-key', API_KEY);
    proxyReq.setHeader('x-api-signature', s);
    proxyReq.setHeader('x-api-date', date);
  },

PHP: PHP: 

$API_SECRET_KEY = 'abc';
$client_signature = $request->header('x-api-signature');
$hmac = base64_encode(hash_hmac('sha512', '0', base64_decode($API_SECRET_KEY), true));

Log::error($client_signature);
Log::error($hmac);

Latest outputs: 最新输出: 

[2018-07-11 15:25:28] local.ERROR: dO50o/LcS0/UOXOu/5lHbOMXLe+l225vUU13fWEHeOoUHV7SlcSOE9rQq2UhTlys5N6C4hkq8QTALnpRehtlCg==  
[2018-07-11 15:25:28] local.ERROR: 7W2U/3uEKIMD0s39jmZLlJItwTcSSDQdW7WTYdslvIjuUeGydyqwwAuZzaMP0Do5v1zRJxmPITFdy4EHTY5r6A==  

[2018-07-11 15:25:33] local.ERROR: UYsXZFyoAB2zELZzwjWyktPEHlYqIP3cgLeb/LXK0X8pnkVxiqEaFWK7c1YIWd6hFPpZHn5j1YdbDhpAL7hQ5A==  
[2018-07-11 15:25:33] local.ERROR: 7W2U/3uEKIMD0s39jmZLlJItwTcSSDQdW7WTYdslvIjuUeGydyqwwAuZzaMP0Do5v1zRJxmPITFdy4EHTY5r6A==

Any alternatives or solutions would be appreciated! 任何替代或解决方案将不胜感激!

1 个解决方案

解决方案1
 2  2018-07-11 16:35:07

You're base64_decode ing the secret in PHP but not in Node. 您正在base64_decode用PHP而不是Node中的秘密。 Remove the base64_decode and you get: 删除base64_decode ,您将得到: 

gvRZ6BJer/YEkwdJ2OrTetIt1Knza5Vr0ZZ/inV5ySkFW4PBnO77c19L7TFpy9c4FA98/OcK/pB8Gvumwo4CQw==

which matches what I get when testing your JavaScript code. 这与测试JavaScript代码时得到的结果相符。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么HMAC SHA-1会使用相同的输入返回不同的摘要? - Why would HMAC SHA-1 return a different digest with the same input? 将 crypto hmac 转换为 crypto-js hmac 字符串 - Converting crypto hmac to crypto-js hmac string 为什么Java加密AES填充我的16字节纯文本消息? - Why does Java crypto AES pad my plaintext message which is exactly 16bytes? 为什么使用相同的AES算法和CryptoJS与节点内置加密模块之间的相同密钥加密结果是不同的 - why encrypt result is different using same AES algorithm and same key between CryptoJS and node built-in crypto module Java HMAC 在相同的值上调用时返回不同的 mac - Java HMAC returns different mac when called on same value 如何在 crypto-js 中生成相同的 AES 加密消息? - How to generate the same AES encrypted message in crypto-js? openssl从同一输入生成两个不同的输出 - openssl generate two different outputs from the same input 为什么node.js的加密模块给出的结果与用于AES加密的Java的Cipher类不同? - Why does node.js's crypto module give a different result than Java's Cipher class for AES encryption? CodeIgniter - 为什么使用相同的密钥加密会产生不同的结果? - CodeIgniter - Why does encrypting with the same key produce different results? RSA为什么使用相同的密钥和消息会产生不同的结果? - Why does RSA produce different results with same key and message?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM