J W write:
>Are there any CF functions that can generate HMAC SHA1 in UTF-8?? I am
>completely new to the security hash thing, so I am not even sure where to
>start. Anyone with any pointers?
To generate the HMAC itself, you'll need to dip into Java, but that part is
pretty easy:
<cfscript>
// let Variables.keyBytes be the binary key
// let Variables.msgBytes be the binary message
// calculate an HMAC-SHA1 for the given key and message
Variables.key = CreateObject("java","javax.crypto.spec.SecretKeySpec");
Variables.key.init(Variables.keyBytes,"HmacSHA1");
Variables.hmac = CreateObject("java","javax.crypto.Mac");
Variables.hmac = Variables.hmac.getInstance("HmacSHA1");
Variables.hmac.init(Variables.key);
Variables.hmac.update(Variables.msgBytes);
Variables.hmac = Variables.hmac.doFinal();
// Variables.hmac now contains the binary HMAC
</cfscript>
Of course, a big part of your question is how to get the bytes. Since you have
the key in base64, you can use BinaryDecode() to get the keyBytes. As for the
message, if you have it in a CF string (and you're using MX 7), you should be
able to use CharsetDecode() to get the bytes; specify "UTF-8" as the encoding.
You could also do something like:
JavaCast("string",Variables.message).getBytes("UTF-8")
Sixten
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four
times a year.
http://www.fusionauthority.com/quarterly
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:260913
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
