Various HMAC_SHA256 functions in classic ASP gives different results
Somehow I need to generate a hash in Classic ASP which is equivalent to PHP's following function's output:
$hash = hash_hmac('SHA256', $message, pack('H*', $secret));
where $message = 'stackoverflow'; $secret = '1234567890ABCDEF';
. I tried quite a lot approaches online, but none matches the PHP result:
bcb3452cd48c0f9048e64258ca24d0f3399563971d4a5dcdc531a7806b059e36
Method 1: Using dvim_brix_crypto-js-master_VB.asp online (using CrytoJS)
Function mac256(ent, key)
Dim encWA
Set encWA = ConvertUtf8StrToWordArray(ent)
Dim keyWA
Set keyWA = ConvertUtf8StrToWordArray(key)
Dim resWA
Set resWA = CryptoJS.HmacSHA256(encWA, key)
Set mac256 = resWA
End Function
Function ConvertUtf8StrToWordArray(data)
If (typename(data) = "String") Then
Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data)
Elseif (typename(data) = "JScriptTypeInfo") Then
On error resume next
'Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data.toString(CryptoJS.enc.Utf8))
Set ConvertUtf8StrToWordArray = CryptoJS.lib.WordArray.create().concat(data) 'Just assert that data is WordArray
If Err.number>0 Then
Set ConvertUtf8StrToWordArray = Nothing
End if
On error goto 0
Else
Set ConvertUtf8StrToWordArray = Nothing
End if
End Function
The script can be found here. This method gives:
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
Method 2: Pure Classic ASP Approach
Public Function HMAC_SHA256(prmKey, prmData)
Dim theKey : theKey = prmKey
Dim Block_Size, O_Pad, I_Pad
Block_Size = 64
O_Pad = 92 'HEX: 5c'
I_Pad = 54 'HEX: 36'
Dim iter, iter2
If Len(theKey) < Block_Size Then
For iter = 1 to Block_Size - Len(theKey)
theKey = theKey & chr(0)
Next
ElseIf Len(theKey) > Block_Size Then
theKey = SHA256(theKey)
End If
Dim o_key_pad : o_key_pad = ""
Dim i_key_pad : i_key_pad = ""
For iter = 1 to Block_Size
o_key_pad = o_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor O_Pad)
i_key_pad = i_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor I_Pad)
Next
HMAC_SHA256 = SHA256(o_key_pad & SHA256(i_key_pad & prmData))
End Function
result = HMAC_SHA256(secret, message)
This method gives:
bc0511316791176484c7d80bc8faaecd8388b75fb97516181ba6b361fd032531
Method 3: Using Amazon AWS's sha256.wsc (using CrytoJS)
Dim sha
Set sha = GetObject( "script:" & Server.MapPath("sha256.wsc") )
sha.hexcase = 0
result = sha.b64_hmac_sha256(secret, message)
The WSC can be found here. This method gives (same result as Method 1):
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
I think the problem is the pack()
part, which changes the Hex string to binary. Therefore, I found a way to reproduce the pack()
function in ASP:
Dim key2, hexarr, binstr
key2 = "12 34 56 78 90 AB CD EF"
hexarr = Split(key2)
ReDim binarr(UBound(hexarr))
For i = 0 To UBound(hexarr)
binarr(i) = Chr(CInt("&h" & hexarr(i)))
Next
binstr = Join(binarr, "")
where the key2
is the original secret with space added in every 2 characters. By replacing the secret
with binstr
, the methods now produce:
Method 1: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
Method 2: d23fcafb41d7b581fdae8c2a4a65bc3b19276a4bd367eda9e8e3de43b6a4d355
Method 3: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
None of the above results is identical to PHP's one. What did I miss now?
php asp-classic cryptojs
|
show 4 more comments
Somehow I need to generate a hash in Classic ASP which is equivalent to PHP's following function's output:
$hash = hash_hmac('SHA256', $message, pack('H*', $secret));
where $message = 'stackoverflow'; $secret = '1234567890ABCDEF';
. I tried quite a lot approaches online, but none matches the PHP result:
bcb3452cd48c0f9048e64258ca24d0f3399563971d4a5dcdc531a7806b059e36
Method 1: Using dvim_brix_crypto-js-master_VB.asp online (using CrytoJS)
Function mac256(ent, key)
Dim encWA
Set encWA = ConvertUtf8StrToWordArray(ent)
Dim keyWA
Set keyWA = ConvertUtf8StrToWordArray(key)
Dim resWA
Set resWA = CryptoJS.HmacSHA256(encWA, key)
Set mac256 = resWA
End Function
Function ConvertUtf8StrToWordArray(data)
If (typename(data) = "String") Then
Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data)
Elseif (typename(data) = "JScriptTypeInfo") Then
On error resume next
'Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data.toString(CryptoJS.enc.Utf8))
Set ConvertUtf8StrToWordArray = CryptoJS.lib.WordArray.create().concat(data) 'Just assert that data is WordArray
If Err.number>0 Then
Set ConvertUtf8StrToWordArray = Nothing
End if
On error goto 0
Else
Set ConvertUtf8StrToWordArray = Nothing
End if
End Function
The script can be found here. This method gives:
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
Method 2: Pure Classic ASP Approach
Public Function HMAC_SHA256(prmKey, prmData)
Dim theKey : theKey = prmKey
Dim Block_Size, O_Pad, I_Pad
Block_Size = 64
O_Pad = 92 'HEX: 5c'
I_Pad = 54 'HEX: 36'
Dim iter, iter2
If Len(theKey) < Block_Size Then
For iter = 1 to Block_Size - Len(theKey)
theKey = theKey & chr(0)
Next
ElseIf Len(theKey) > Block_Size Then
theKey = SHA256(theKey)
End If
Dim o_key_pad : o_key_pad = ""
Dim i_key_pad : i_key_pad = ""
For iter = 1 to Block_Size
o_key_pad = o_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor O_Pad)
i_key_pad = i_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor I_Pad)
Next
HMAC_SHA256 = SHA256(o_key_pad & SHA256(i_key_pad & prmData))
End Function
result = HMAC_SHA256(secret, message)
This method gives:
bc0511316791176484c7d80bc8faaecd8388b75fb97516181ba6b361fd032531
Method 3: Using Amazon AWS's sha256.wsc (using CrytoJS)
Dim sha
Set sha = GetObject( "script:" & Server.MapPath("sha256.wsc") )
sha.hexcase = 0
result = sha.b64_hmac_sha256(secret, message)
The WSC can be found here. This method gives (same result as Method 1):
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
I think the problem is the pack()
part, which changes the Hex string to binary. Therefore, I found a way to reproduce the pack()
function in ASP:
Dim key2, hexarr, binstr
key2 = "12 34 56 78 90 AB CD EF"
hexarr = Split(key2)
ReDim binarr(UBound(hexarr))
For i = 0 To UBound(hexarr)
binarr(i) = Chr(CInt("&h" & hexarr(i)))
Next
binstr = Join(binarr, "")
where the key2
is the original secret with space added in every 2 characters. By replacing the secret
with binstr
, the methods now produce:
Method 1: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
Method 2: d23fcafb41d7b581fdae8c2a4a65bc3b19276a4bd367eda9e8e3de43b6a4d355
Method 3: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
None of the above results is identical to PHP's one. What did I miss now?
php asp-classic cryptojs
Could it be the encoding?Chr()
returns ACSII characters whereasChrW()
returns Unicode characters.
– Lankymart
Nov 15 '16 at 7:49
Yep think it is encoding see this answer to a related answer for a c# implementation - A: C# equivalent to hash_hmac in PHP. The hash expects UTF-8 encoded input data.
– Lankymart
Nov 15 '16 at 7:56
@Lankymart but how to achieve the PHP result (i.e. non UTF-8 approach) ?
– Raptor
Nov 15 '16 at 10:16
Hmm...how do you know the PHP method is right? I've just tried from freeformatter.com/hmac-generator.html and with your data getc8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
.
– Lankymart
Nov 15 '16 at 10:32
2
If it doesn't support UTF-8 encoding then your method 1 and method 2 and possibly method 3 approaches are not like for like. You will need to convert any data you pass to ASCII first. To be honest you could go around in circles with this for hours.
– Lankymart
Nov 15 '16 at 10:47
|
show 4 more comments
Somehow I need to generate a hash in Classic ASP which is equivalent to PHP's following function's output:
$hash = hash_hmac('SHA256', $message, pack('H*', $secret));
where $message = 'stackoverflow'; $secret = '1234567890ABCDEF';
. I tried quite a lot approaches online, but none matches the PHP result:
bcb3452cd48c0f9048e64258ca24d0f3399563971d4a5dcdc531a7806b059e36
Method 1: Using dvim_brix_crypto-js-master_VB.asp online (using CrytoJS)
Function mac256(ent, key)
Dim encWA
Set encWA = ConvertUtf8StrToWordArray(ent)
Dim keyWA
Set keyWA = ConvertUtf8StrToWordArray(key)
Dim resWA
Set resWA = CryptoJS.HmacSHA256(encWA, key)
Set mac256 = resWA
End Function
Function ConvertUtf8StrToWordArray(data)
If (typename(data) = "String") Then
Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data)
Elseif (typename(data) = "JScriptTypeInfo") Then
On error resume next
'Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data.toString(CryptoJS.enc.Utf8))
Set ConvertUtf8StrToWordArray = CryptoJS.lib.WordArray.create().concat(data) 'Just assert that data is WordArray
If Err.number>0 Then
Set ConvertUtf8StrToWordArray = Nothing
End if
On error goto 0
Else
Set ConvertUtf8StrToWordArray = Nothing
End if
End Function
The script can be found here. This method gives:
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
Method 2: Pure Classic ASP Approach
Public Function HMAC_SHA256(prmKey, prmData)
Dim theKey : theKey = prmKey
Dim Block_Size, O_Pad, I_Pad
Block_Size = 64
O_Pad = 92 'HEX: 5c'
I_Pad = 54 'HEX: 36'
Dim iter, iter2
If Len(theKey) < Block_Size Then
For iter = 1 to Block_Size - Len(theKey)
theKey = theKey & chr(0)
Next
ElseIf Len(theKey) > Block_Size Then
theKey = SHA256(theKey)
End If
Dim o_key_pad : o_key_pad = ""
Dim i_key_pad : i_key_pad = ""
For iter = 1 to Block_Size
o_key_pad = o_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor O_Pad)
i_key_pad = i_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor I_Pad)
Next
HMAC_SHA256 = SHA256(o_key_pad & SHA256(i_key_pad & prmData))
End Function
result = HMAC_SHA256(secret, message)
This method gives:
bc0511316791176484c7d80bc8faaecd8388b75fb97516181ba6b361fd032531
Method 3: Using Amazon AWS's sha256.wsc (using CrytoJS)
Dim sha
Set sha = GetObject( "script:" & Server.MapPath("sha256.wsc") )
sha.hexcase = 0
result = sha.b64_hmac_sha256(secret, message)
The WSC can be found here. This method gives (same result as Method 1):
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
I think the problem is the pack()
part, which changes the Hex string to binary. Therefore, I found a way to reproduce the pack()
function in ASP:
Dim key2, hexarr, binstr
key2 = "12 34 56 78 90 AB CD EF"
hexarr = Split(key2)
ReDim binarr(UBound(hexarr))
For i = 0 To UBound(hexarr)
binarr(i) = Chr(CInt("&h" & hexarr(i)))
Next
binstr = Join(binarr, "")
where the key2
is the original secret with space added in every 2 characters. By replacing the secret
with binstr
, the methods now produce:
Method 1: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
Method 2: d23fcafb41d7b581fdae8c2a4a65bc3b19276a4bd367eda9e8e3de43b6a4d355
Method 3: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
None of the above results is identical to PHP's one. What did I miss now?
php asp-classic cryptojs
Somehow I need to generate a hash in Classic ASP which is equivalent to PHP's following function's output:
$hash = hash_hmac('SHA256', $message, pack('H*', $secret));
where $message = 'stackoverflow'; $secret = '1234567890ABCDEF';
. I tried quite a lot approaches online, but none matches the PHP result:
bcb3452cd48c0f9048e64258ca24d0f3399563971d4a5dcdc531a7806b059e36
Method 1: Using dvim_brix_crypto-js-master_VB.asp online (using CrytoJS)
Function mac256(ent, key)
Dim encWA
Set encWA = ConvertUtf8StrToWordArray(ent)
Dim keyWA
Set keyWA = ConvertUtf8StrToWordArray(key)
Dim resWA
Set resWA = CryptoJS.HmacSHA256(encWA, key)
Set mac256 = resWA
End Function
Function ConvertUtf8StrToWordArray(data)
If (typename(data) = "String") Then
Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data)
Elseif (typename(data) = "JScriptTypeInfo") Then
On error resume next
'Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data.toString(CryptoJS.enc.Utf8))
Set ConvertUtf8StrToWordArray = CryptoJS.lib.WordArray.create().concat(data) 'Just assert that data is WordArray
If Err.number>0 Then
Set ConvertUtf8StrToWordArray = Nothing
End if
On error goto 0
Else
Set ConvertUtf8StrToWordArray = Nothing
End if
End Function
The script can be found here. This method gives:
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
Method 2: Pure Classic ASP Approach
Public Function HMAC_SHA256(prmKey, prmData)
Dim theKey : theKey = prmKey
Dim Block_Size, O_Pad, I_Pad
Block_Size = 64
O_Pad = 92 'HEX: 5c'
I_Pad = 54 'HEX: 36'
Dim iter, iter2
If Len(theKey) < Block_Size Then
For iter = 1 to Block_Size - Len(theKey)
theKey = theKey & chr(0)
Next
ElseIf Len(theKey) > Block_Size Then
theKey = SHA256(theKey)
End If
Dim o_key_pad : o_key_pad = ""
Dim i_key_pad : i_key_pad = ""
For iter = 1 to Block_Size
o_key_pad = o_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor O_Pad)
i_key_pad = i_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor I_Pad)
Next
HMAC_SHA256 = SHA256(o_key_pad & SHA256(i_key_pad & prmData))
End Function
result = HMAC_SHA256(secret, message)
This method gives:
bc0511316791176484c7d80bc8faaecd8388b75fb97516181ba6b361fd032531
Method 3: Using Amazon AWS's sha256.wsc (using CrytoJS)
Dim sha
Set sha = GetObject( "script:" & Server.MapPath("sha256.wsc") )
sha.hexcase = 0
result = sha.b64_hmac_sha256(secret, message)
The WSC can be found here. This method gives (same result as Method 1):
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
I think the problem is the pack()
part, which changes the Hex string to binary. Therefore, I found a way to reproduce the pack()
function in ASP:
Dim key2, hexarr, binstr
key2 = "12 34 56 78 90 AB CD EF"
hexarr = Split(key2)
ReDim binarr(UBound(hexarr))
For i = 0 To UBound(hexarr)
binarr(i) = Chr(CInt("&h" & hexarr(i)))
Next
binstr = Join(binarr, "")
where the key2
is the original secret with space added in every 2 characters. By replacing the secret
with binstr
, the methods now produce:
Method 1: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
Method 2: d23fcafb41d7b581fdae8c2a4a65bc3b19276a4bd367eda9e8e3de43b6a4d355
Method 3: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
None of the above results is identical to PHP's one. What did I miss now?
php asp-classic cryptojs
php asp-classic cryptojs
asked Nov 15 '16 at 4:14
RaptorRaptor
35.6k32180298
35.6k32180298
Could it be the encoding?Chr()
returns ACSII characters whereasChrW()
returns Unicode characters.
– Lankymart
Nov 15 '16 at 7:49
Yep think it is encoding see this answer to a related answer for a c# implementation - A: C# equivalent to hash_hmac in PHP. The hash expects UTF-8 encoded input data.
– Lankymart
Nov 15 '16 at 7:56
@Lankymart but how to achieve the PHP result (i.e. non UTF-8 approach) ?
– Raptor
Nov 15 '16 at 10:16
Hmm...how do you know the PHP method is right? I've just tried from freeformatter.com/hmac-generator.html and with your data getc8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
.
– Lankymart
Nov 15 '16 at 10:32
2
If it doesn't support UTF-8 encoding then your method 1 and method 2 and possibly method 3 approaches are not like for like. You will need to convert any data you pass to ASCII first. To be honest you could go around in circles with this for hours.
– Lankymart
Nov 15 '16 at 10:47
|
show 4 more comments
Could it be the encoding?Chr()
returns ACSII characters whereasChrW()
returns Unicode characters.
– Lankymart
Nov 15 '16 at 7:49
Yep think it is encoding see this answer to a related answer for a c# implementation - A: C# equivalent to hash_hmac in PHP. The hash expects UTF-8 encoded input data.
– Lankymart
Nov 15 '16 at 7:56
@Lankymart but how to achieve the PHP result (i.e. non UTF-8 approach) ?
– Raptor
Nov 15 '16 at 10:16
Hmm...how do you know the PHP method is right? I've just tried from freeformatter.com/hmac-generator.html and with your data getc8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
.
– Lankymart
Nov 15 '16 at 10:32
2
If it doesn't support UTF-8 encoding then your method 1 and method 2 and possibly method 3 approaches are not like for like. You will need to convert any data you pass to ASCII first. To be honest you could go around in circles with this for hours.
– Lankymart
Nov 15 '16 at 10:47
Could it be the encoding?
Chr()
returns ACSII characters whereas ChrW()
returns Unicode characters.– Lankymart
Nov 15 '16 at 7:49
Could it be the encoding?
Chr()
returns ACSII characters whereas ChrW()
returns Unicode characters.– Lankymart
Nov 15 '16 at 7:49
Yep think it is encoding see this answer to a related answer for a c# implementation - A: C# equivalent to hash_hmac in PHP. The hash expects UTF-8 encoded input data.
– Lankymart
Nov 15 '16 at 7:56
Yep think it is encoding see this answer to a related answer for a c# implementation - A: C# equivalent to hash_hmac in PHP. The hash expects UTF-8 encoded input data.
– Lankymart
Nov 15 '16 at 7:56
@Lankymart but how to achieve the PHP result (i.e. non UTF-8 approach) ?
– Raptor
Nov 15 '16 at 10:16
@Lankymart but how to achieve the PHP result (i.e. non UTF-8 approach) ?
– Raptor
Nov 15 '16 at 10:16
Hmm...how do you know the PHP method is right? I've just tried from freeformatter.com/hmac-generator.html and with your data get
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
.– Lankymart
Nov 15 '16 at 10:32
Hmm...how do you know the PHP method is right? I've just tried from freeformatter.com/hmac-generator.html and with your data get
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
.– Lankymart
Nov 15 '16 at 10:32
2
2
If it doesn't support UTF-8 encoding then your method 1 and method 2 and possibly method 3 approaches are not like for like. You will need to convert any data you pass to ASCII first. To be honest you could go around in circles with this for hours.
– Lankymart
Nov 15 '16 at 10:47
If it doesn't support UTF-8 encoding then your method 1 and method 2 and possibly method 3 approaches are not like for like. You will need to convert any data you pass to ASCII first. To be honest you could go around in circles with this for hours.
– Lankymart
Nov 15 '16 at 10:47
|
show 4 more comments
1 Answer
1
active
oldest
votes
Check out the following example.
The only requirement with this approach is Microsoft .Net Framework 2.0 (preinstalled starting from Windows Server 2003 R2) to use Com Interops.
I tried to be descriptive in the comments but feel free to ask questions about it.
'Returns Byte(), UTF-8 bytes of unicode string
Function Utf8Bytes(text)
With Server.CreateObject("System.Text.UTF8Encoding")
Utf8Bytes = .GetBytes_4(text)
End With
End Function
'Returns String, sequential hexadecimal digits per byte
'data As Byte()
Function BinToHex(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.nodeTypedValue = data
BinToHex = .text
End With
End Function
'Returns Byte(), a keyed hash generated using SHA256 method
'data As String, key As Byte()
Function HashHmacSha256(data, key)
With Server.CreateObject("System.Security.Cryptography.HMACSHA256")
.Key = key
HashHmacSha256 = .ComputeHash_2(UTF8Bytes(data))
End With
End Function
'Returns Byte(), of a packed hexadecimal string
'instead of PHP's pack('H*'
Function HexToBin(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.text = data
HexToBin = .nodeTypedValue
End With
End Function
packed_secret = HexToBin("1234567890ABCDEF")
message = "stackoverflow"
binary_hash = HashHmacSha256(message, packed_secret)
string_hash = BinToHex(binary_hash)
Response.Write string_hash
Thanks, but I'm not using .NET framework. It's an ancient server.
– Raptor
Nov 15 '16 at 11:11
1
@Raptor is it not possible to at least have the .NET framework installed?
– Lankymart
Nov 15 '16 at 11:22
I always forget that some of the .Net classes are COM interops.
– Lankymart
Nov 15 '16 at 11:23
I'm not the server admin, thus I can't install any .NET frameworks. I got only the FTP account...
– Raptor
Nov 16 '16 at 1:51
1
Thanks guys. I obtained help from bank and resolved my problem. They provided official ASP functions for implementation.
– Raptor
Nov 21 '16 at 2:09
|
show 2 more comments
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f40601928%2fvarious-hmac-sha256-functions-in-classic-asp-gives-different-results%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Check out the following example.
The only requirement with this approach is Microsoft .Net Framework 2.0 (preinstalled starting from Windows Server 2003 R2) to use Com Interops.
I tried to be descriptive in the comments but feel free to ask questions about it.
'Returns Byte(), UTF-8 bytes of unicode string
Function Utf8Bytes(text)
With Server.CreateObject("System.Text.UTF8Encoding")
Utf8Bytes = .GetBytes_4(text)
End With
End Function
'Returns String, sequential hexadecimal digits per byte
'data As Byte()
Function BinToHex(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.nodeTypedValue = data
BinToHex = .text
End With
End Function
'Returns Byte(), a keyed hash generated using SHA256 method
'data As String, key As Byte()
Function HashHmacSha256(data, key)
With Server.CreateObject("System.Security.Cryptography.HMACSHA256")
.Key = key
HashHmacSha256 = .ComputeHash_2(UTF8Bytes(data))
End With
End Function
'Returns Byte(), of a packed hexadecimal string
'instead of PHP's pack('H*'
Function HexToBin(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.text = data
HexToBin = .nodeTypedValue
End With
End Function
packed_secret = HexToBin("1234567890ABCDEF")
message = "stackoverflow"
binary_hash = HashHmacSha256(message, packed_secret)
string_hash = BinToHex(binary_hash)
Response.Write string_hash
Thanks, but I'm not using .NET framework. It's an ancient server.
– Raptor
Nov 15 '16 at 11:11
1
@Raptor is it not possible to at least have the .NET framework installed?
– Lankymart
Nov 15 '16 at 11:22
I always forget that some of the .Net classes are COM interops.
– Lankymart
Nov 15 '16 at 11:23
I'm not the server admin, thus I can't install any .NET frameworks. I got only the FTP account...
– Raptor
Nov 16 '16 at 1:51
1
Thanks guys. I obtained help from bank and resolved my problem. They provided official ASP functions for implementation.
– Raptor
Nov 21 '16 at 2:09
|
show 2 more comments
Check out the following example.
The only requirement with this approach is Microsoft .Net Framework 2.0 (preinstalled starting from Windows Server 2003 R2) to use Com Interops.
I tried to be descriptive in the comments but feel free to ask questions about it.
'Returns Byte(), UTF-8 bytes of unicode string
Function Utf8Bytes(text)
With Server.CreateObject("System.Text.UTF8Encoding")
Utf8Bytes = .GetBytes_4(text)
End With
End Function
'Returns String, sequential hexadecimal digits per byte
'data As Byte()
Function BinToHex(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.nodeTypedValue = data
BinToHex = .text
End With
End Function
'Returns Byte(), a keyed hash generated using SHA256 method
'data As String, key As Byte()
Function HashHmacSha256(data, key)
With Server.CreateObject("System.Security.Cryptography.HMACSHA256")
.Key = key
HashHmacSha256 = .ComputeHash_2(UTF8Bytes(data))
End With
End Function
'Returns Byte(), of a packed hexadecimal string
'instead of PHP's pack('H*'
Function HexToBin(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.text = data
HexToBin = .nodeTypedValue
End With
End Function
packed_secret = HexToBin("1234567890ABCDEF")
message = "stackoverflow"
binary_hash = HashHmacSha256(message, packed_secret)
string_hash = BinToHex(binary_hash)
Response.Write string_hash
Thanks, but I'm not using .NET framework. It's an ancient server.
– Raptor
Nov 15 '16 at 11:11
1
@Raptor is it not possible to at least have the .NET framework installed?
– Lankymart
Nov 15 '16 at 11:22
I always forget that some of the .Net classes are COM interops.
– Lankymart
Nov 15 '16 at 11:23
I'm not the server admin, thus I can't install any .NET frameworks. I got only the FTP account...
– Raptor
Nov 16 '16 at 1:51
1
Thanks guys. I obtained help from bank and resolved my problem. They provided official ASP functions for implementation.
– Raptor
Nov 21 '16 at 2:09
|
show 2 more comments
Check out the following example.
The only requirement with this approach is Microsoft .Net Framework 2.0 (preinstalled starting from Windows Server 2003 R2) to use Com Interops.
I tried to be descriptive in the comments but feel free to ask questions about it.
'Returns Byte(), UTF-8 bytes of unicode string
Function Utf8Bytes(text)
With Server.CreateObject("System.Text.UTF8Encoding")
Utf8Bytes = .GetBytes_4(text)
End With
End Function
'Returns String, sequential hexadecimal digits per byte
'data As Byte()
Function BinToHex(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.nodeTypedValue = data
BinToHex = .text
End With
End Function
'Returns Byte(), a keyed hash generated using SHA256 method
'data As String, key As Byte()
Function HashHmacSha256(data, key)
With Server.CreateObject("System.Security.Cryptography.HMACSHA256")
.Key = key
HashHmacSha256 = .ComputeHash_2(UTF8Bytes(data))
End With
End Function
'Returns Byte(), of a packed hexadecimal string
'instead of PHP's pack('H*'
Function HexToBin(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.text = data
HexToBin = .nodeTypedValue
End With
End Function
packed_secret = HexToBin("1234567890ABCDEF")
message = "stackoverflow"
binary_hash = HashHmacSha256(message, packed_secret)
string_hash = BinToHex(binary_hash)
Response.Write string_hash
Check out the following example.
The only requirement with this approach is Microsoft .Net Framework 2.0 (preinstalled starting from Windows Server 2003 R2) to use Com Interops.
I tried to be descriptive in the comments but feel free to ask questions about it.
'Returns Byte(), UTF-8 bytes of unicode string
Function Utf8Bytes(text)
With Server.CreateObject("System.Text.UTF8Encoding")
Utf8Bytes = .GetBytes_4(text)
End With
End Function
'Returns String, sequential hexadecimal digits per byte
'data As Byte()
Function BinToHex(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.nodeTypedValue = data
BinToHex = .text
End With
End Function
'Returns Byte(), a keyed hash generated using SHA256 method
'data As String, key As Byte()
Function HashHmacSha256(data, key)
With Server.CreateObject("System.Security.Cryptography.HMACSHA256")
.Key = key
HashHmacSha256 = .ComputeHash_2(UTF8Bytes(data))
End With
End Function
'Returns Byte(), of a packed hexadecimal string
'instead of PHP's pack('H*'
Function HexToBin(data)
With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.hex"
.text = data
HexToBin = .nodeTypedValue
End With
End Function
packed_secret = HexToBin("1234567890ABCDEF")
message = "stackoverflow"
binary_hash = HashHmacSha256(message, packed_secret)
string_hash = BinToHex(binary_hash)
Response.Write string_hash
answered Nov 15 '16 at 11:05
Kul-TiginKul-Tigin
12.6k11951
12.6k11951
Thanks, but I'm not using .NET framework. It's an ancient server.
– Raptor
Nov 15 '16 at 11:11
1
@Raptor is it not possible to at least have the .NET framework installed?
– Lankymart
Nov 15 '16 at 11:22
I always forget that some of the .Net classes are COM interops.
– Lankymart
Nov 15 '16 at 11:23
I'm not the server admin, thus I can't install any .NET frameworks. I got only the FTP account...
– Raptor
Nov 16 '16 at 1:51
1
Thanks guys. I obtained help from bank and resolved my problem. They provided official ASP functions for implementation.
– Raptor
Nov 21 '16 at 2:09
|
show 2 more comments
Thanks, but I'm not using .NET framework. It's an ancient server.
– Raptor
Nov 15 '16 at 11:11
1
@Raptor is it not possible to at least have the .NET framework installed?
– Lankymart
Nov 15 '16 at 11:22
I always forget that some of the .Net classes are COM interops.
– Lankymart
Nov 15 '16 at 11:23
I'm not the server admin, thus I can't install any .NET frameworks. I got only the FTP account...
– Raptor
Nov 16 '16 at 1:51
1
Thanks guys. I obtained help from bank and resolved my problem. They provided official ASP functions for implementation.
– Raptor
Nov 21 '16 at 2:09
Thanks, but I'm not using .NET framework. It's an ancient server.
– Raptor
Nov 15 '16 at 11:11
Thanks, but I'm not using .NET framework. It's an ancient server.
– Raptor
Nov 15 '16 at 11:11
1
1
@Raptor is it not possible to at least have the .NET framework installed?
– Lankymart
Nov 15 '16 at 11:22
@Raptor is it not possible to at least have the .NET framework installed?
– Lankymart
Nov 15 '16 at 11:22
I always forget that some of the .Net classes are COM interops.
– Lankymart
Nov 15 '16 at 11:23
I always forget that some of the .Net classes are COM interops.
– Lankymart
Nov 15 '16 at 11:23
I'm not the server admin, thus I can't install any .NET frameworks. I got only the FTP account...
– Raptor
Nov 16 '16 at 1:51
I'm not the server admin, thus I can't install any .NET frameworks. I got only the FTP account...
– Raptor
Nov 16 '16 at 1:51
1
1
Thanks guys. I obtained help from bank and resolved my problem. They provided official ASP functions for implementation.
– Raptor
Nov 21 '16 at 2:09
Thanks guys. I obtained help from bank and resolved my problem. They provided official ASP functions for implementation.
– Raptor
Nov 21 '16 at 2:09
|
show 2 more comments
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f40601928%2fvarious-hmac-sha256-functions-in-classic-asp-gives-different-results%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Could it be the encoding?
Chr()
returns ACSII characters whereasChrW()
returns Unicode characters.– Lankymart
Nov 15 '16 at 7:49
Yep think it is encoding see this answer to a related answer for a c# implementation - A: C# equivalent to hash_hmac in PHP. The hash expects UTF-8 encoded input data.
– Lankymart
Nov 15 '16 at 7:56
@Lankymart but how to achieve the PHP result (i.e. non UTF-8 approach) ?
– Raptor
Nov 15 '16 at 10:16
Hmm...how do you know the PHP method is right? I've just tried from freeformatter.com/hmac-generator.html and with your data get
c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c
.– Lankymart
Nov 15 '16 at 10:32
2
If it doesn't support UTF-8 encoding then your method 1 and method 2 and possibly method 3 approaches are not like for like. You will need to convert any data you pass to ASCII first. To be honest you could go around in circles with this for hours.
– Lankymart
Nov 15 '16 at 10:47