PHP Generate HMAC-SHA1 signature

Question

This is driving me crazy.

I am trying to generate a signature as suggested here: https://www.reed.co.uk/developers/SignatureTest

This way:

function createSignature($queryUrl, $timestamp, $apiKey, $http = "GET", $agent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"){
    $signature = $http . $agent . $queryUrl . "www.reed.co.uk" . $timestamp;
    $signature = base64_encode(hash_hmac("sha1", $signature, $apiKey, true));
    return $signature;
}


$clientId = 1;
$timestamp = "2016-05-13T09:22:50Z";

$apiKey = "bacd2d2d-8b69-43c8-94c5-4a24c0269b79";

$queryUrl = "https://www.reed.co.uk/recruiter/api/1.0/cvsearch";

$reedQuery = \Httpful\Request::get($queryUrl)
    ->addHeaders(array(
        "X-ApiSignature" => createSignature($queryUrl, $timestamp, $apiKey),
        "X-ApiClientId" => $clientId,
        "X-TimeStamp" => $timestamp
    ))
    ->expectsJson()
    ->send();


print_r($reedQuery);

Now for some reasons it returns this on my server: WRTjqQKfyEQyLJEzWWuT3SWgGPk= While the expected result is: JUgvCh5oeFYe1HDmfiMObOu1+nQ=

I tried everything, even swapping from little endian to big endian. Nothing.

What is wrong??? :(

Try the other way around? $signature = base64_encode(hash_hmac("sha1", $apiKey, $signature, true)); — Niki van Stein, May 13 '16 at 10:25
To turn around the 2nd and 3th parameter of the hash_hmac function. So to hash the signature instead of the key. — Niki van Stein, May 13 '16 at 11:40

score 1 · Answer 1 · answered Nov 11 '17 at 13:57

I struggled with the same issue; the solution is posted here under a different question.

The issue is that the string key (GUID) needs its order of the 2-character hexadecimal numbers reversed in the first 3 segments (http://msdn.microsoft.com/en-us/library/system.guid.tobytearray.aspx).

Example to create the hash (using your key above):

$apiToken = 'bacd2d2d-8b69-43c8-94c5-4a24c0269b79';
$stringToSign = 'POSTReedAgenthttps://www.reed.co.uk/recruiter/api/1.0/jobswww.reed.co.uk2017-11-11T13:50:06+00:00';
$hexStr = str_replace('-','',$apiToken);
$c = explode('-',chunk_split($hexStr,2,'-'));
$hexArr = array($c[3],$c[2],$c[1],$c[0],$c[5],$c[4],$c[7],$c[6],$c[8],$c[9],$c[10],$c[11],$c[12],$c[13],$c[14],$c[15]);
$keyStr = '';
for ($i = 0; $i < 16; ++$i) {
    $num = hexdec($hexArr[$i]);
    $keyStr .= chr($num);
}
$apiSignature = base64_encode(hash_hmac('sha1',$stringToSign,$keyStr,true));

This produces a hash that matches that from the Signature Test.

score 1 · Answer 2 · answered Mar 07 '19 at 05:03

1

for sha1 only need the hash_hmac function

     hash_hmac('sha1', $inputText, $keyString)

answered Mar 07 '19 at 05:03

Rubén Ruíz

453
4
9

PHP Generate HMAC-SHA1 signature

2 Answers2