SHA256没有在PHP中生成正确的哈希

Question

Following is the procedure for generating a sha256 based hashed.

Generated Hash

The hash query string parameter is to be followed by the generated hash for that specific request. To generate the hash:

1. Take the body of the HTTP POST request
2. Add the provided API Secret to the end of the body
3. Converts it to SHA256 and converts the hashed message to hexadecimal format

For example, assuming the provided API Secret is "secretapikey" and the HTTP POST body contains the following:

{ "apiKey": 123, "invoiceId": 1 }

The generated hash will be:

d48cf8a852713844603d7c8cbefb3e81cfb29e7540d98f06affdf58322c1038e

Below is the steps taken to produce the above generated hash:

HTTP POST Body => { "apiKey": 123, "invoiceId": 1 }

Secret => secretapikey

Text to be hashed => { "apiKey": 123, "invoiceId": 1 }secretapikey

SHA-256 Hash => d48cf8a852713844603d7c8cbefb3e81cfb29e7540d98f06affdf58322c1038e

I have to concatinate two strings ( { "apiKey": 123, "invoiceId": 1 }secretapikey ) and then hash them to send to an api end point. But the Hash generated by following code is not according to hash generated by an online sha256:-

$secretapikey = "secretapikey";
$postbody = array();
$postbody['apiKey'] = "123";
$postbody['invoiceId'] = 1;

$jpb = json_encode($postbody);

$hashed = $jpb.$secretapikey; //Here is Problem. It is not concatenated according to requirement


$result = hash('SHA256', $hashed);

echo $result;

This is the value of $result

d2c5d184be42ff4ae3a0046d0727c026f38c1e92f8960cb9d17d496c7b89b7b3

whereas it should be

d48cf8a852713844603d7c8cbefb3e81cfb29e7540d98f06affdf58322c1038e

Answer 1

hash('SHA256', $hashed); is doing its job right

and $hashed = $jpb.$secretapikey; is joining the two strings correctly.

The reason you don't get the hash you expect is that the JSON you use for the test is

{ "apiKey": 123, "invoiceId": 1 }

while the JSON produced by json_encode($postbody);

is {"apiKey":123,"invoiceId":1}

without spaces.