Is there any way to create a HmacSHA256 signature of a string in php?
Asked
Active
Viewed 1.1e+01k times
6 Answers
140
The Alpha
- 143,660
- 29
- 287
- 307
Sebastian Paaske Tørholm
- 49,493
- 11
- 100
- 118
-
what's inside $string? – Maha Dev Oct 06 '15 at 07:38
-
1@MahaDev Whatever you want the signature of. – Sebastian Paaske Tørholm Oct 06 '15 at 11:37
-
@SebastianPaaskeTørholm will hash_hmac will always generate unique string...? – Muhammad Usama Mashkoor Aug 08 '17 at 12:16
-
4@usama No. By the very nature of a hash function, there will exist a collision. (I.e. two strings that hash to the same value.) I suggest you look into hash collisions. The subject is too long to cover in a comment. – Sebastian Paaske Tørholm Aug 08 '17 at 13:17
-
Thanks @SebastianPaaskeTørholm for answer can you please explain in general how we can make it unique Thanks again. – Muhammad Usama Mashkoor Aug 08 '17 at 13:40
-
I also want to iterate it to make hash even harder. – Ravi Soni Oct 11 '18 at 13:22
22
The hash_hmac() function could help, here :
Generate a keyed hash value using the HMAC method
For example, the following portion of code :
$hash = hash_hmac('sha256', 'hello, world!', 'mykey');
var_dump($hash);
Gives the following output :
string '07a932dd17adc59b49561f33980ec5254688a41f133b8a26e76c611073ade89b' (length=64)
And, to get the list of hashing algorithms that can be used, see hash_algos().
Pupil
- 23,834
- 6
- 44
- 66
Pascal MARTIN
- 395,085
- 80
- 655
- 663
11
Here is an example of datatrans transaction signing (swiss e-payment solution) before call PSP with HMAC-SHA-256.
Hope it could help some developers.
$hmacKey = 30911337928580013;
$merchantId = 1100004624;
$amount = $total * 100;
$currency = 'EUR';
$refno = $orderId;
// HMAC Hex to byte
$secret = hex2bin("$hmacKey");
// Concat infos
$string = $merchantId . $amount. $currency . $refno;
// generate SIGN
$sign = bin2hex(hash_hmac('sha256', $string, $secret));
Note: the merchant ID and HMAC key are both from Datatrans documentation available here : https://admin.sandbox.datatrans.com/showcase/doc/Technical_Implementation_Guide.pdf
Meloman
- 3,558
- 3
- 41
- 51
-
Note that the bin2hex at the end will produce a different result than the example shown in the Datatrans backend UI! – ZPiDER Aug 21 '18 at 12:45
-
Hi, I want to generate datatrans sign in javascript. But i am not able to achieve that. Do you have any working example for that. – Ninja Turtle Sep 06 '20 at 07:59
-
@VinitSingh no I don't. But you can read this, maybe it will help you : https://www.jokecamp.com/blog/examples-of-creating-base64-hashes-using-hmac-sha256-in-different-languages/#js – Meloman Sep 09 '20 at 05:41
4
This is the way. How to generate hash_hmac in laravel. It'll work 100%.
$sig = hash_hmac('sha256', $request->getContent(), 'secret value' );
Kaleemullah
- 446
- 3
- 8
2
I can't answer due to lack of reputation, but @Melomans way in combination with ZPiDER's answer leads to using only
$hash = hash_hmac('sha256', $string, $secret);
for a correct Datatrans signing
3tl4m
- 21
- 1
1
okay to sign your data with hash_hmach all you need is to do the following
- get your secret key
- choose a cipher mode or method example sha1,sha256, etc
- create a variable that will hold your encrypted data call it whatever you like Therefore the code will look like this
$signData= hash_hmac("sha256",$dataToBeSigned,$yourSecretKey);
RAMIN HAMZA
- 11
- 2