ColdFusion相当于PHP hash_hmac

Question

$key = "12345678876543211234567887654321";
$iv = "1234567887654321";
$plaindata = "This is a test string";

$enc = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plaindata, MCRYPT_MODE_CBC, $iv));

$str = hash_hmac("sha256", utf8_encode($iv . '.' . $enc), utf8_encode($key));

echo($str);

This gives me e63d4ab83f90cfec1acdaf831091b6394167ae728b657e44afad1e7553843eeb

How can I get the same result in ColdFusion9 Development Edition?

Answer 1

I found a solution on this page http://www.isummation.com/blog/calculate-hmac-sha256-digest-using-user-defined-function-in-coldfusion/

Your need to call the function like this

<cfoutput>#LCase(HMAC_SHA256(iv & "." & Encrypted_Data, key))#</cfoutput>

Worked like a charm.

Answer 2

Don't have the time to work it out entirely, but I think that HMAC SHA1 ColdFusion should be able to get you there. If for some reason you can't get it perfectly right (had that once) you might also consider using php-cli with cfexecute. It's not the fastest solution, but if necessary it allows you to use the php functions.

Edit: Copied the function from the previous answer and added a comment about the line that needed to be changed.

<cffunction name="hmacEncrypt" returntype="binary" access="public" output="false">
 <cfargument name="signKey" type="string" required="true" />
 <cfargument name="signMessage" type="string" required="true" />

 <cfset var jMsg = JavaCast("string",arguments.signMessage).getBytes("iso-8859-1") />
 <cfset var jKey = JavaCast("string",arguments.signKey).getBytes("iso-8859-1") />

 <cfset var key = createObject("java","javax.crypto.spec.SecretKeySpec") />
 <cfset var mac = createObject("java","javax.crypto.Mac") />

 <!--- this line had to be changed to the 256 version --->
 <cfset key = key.init(jKey,"hmacSHA256") />

 <cfset mac = mac.getInstance(key.getAlgorithm()) />
 <cfset mac.init(key) />
 <cfset mac.update(jMsg) />

<cfreturn mac.doFinal() />