SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Evangelist hessodreamy's Avatar
    Join Date
    Apr 2005
    Location
    uk
    Posts
    525
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)

    Is this use of sha1 correct?

    I'm trying to generate a signature to verify the authenticity of incoming data from a source, and have been given these instructions:
    To calculate the signature, concatenate the UUID and Timestamp; then use a standard HMAC SHA1 algorithm and your Secret Access Key.
    I'm not too hot on cryptographic functions, so I'm having trouble getting the generated string to tally up with the signature on the incoming data. There's what I've done:
    Code:
    $expected_signature = hash_hmac("sha1", $UUID.$timestamp, $secretKey);
    Is this correct (as in following the instructions above)?

  2. #2
    SitePoint Enthusiast
    Join Date
    May 2010
    Location
    Netherlands
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That does seem correct. How do you assign the $UUID and $timestamp variables?
    Also, do they except the current timestamp or a specific timestamp base on the requested data (e.g. time posted/added?).

    It might be that both your server and their server's times are not sync and it fails on that (try using NTP if possible). Other than that, logic-wise your code seems legit.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •