J W write: >Are there any CF functions that can generate HMAC SHA1 in UTF-8?? I am >completely new to the security hash thing, so I am not even sure where to >start. Anyone with any pointers?
To generate the HMAC itself, you'll need to dip into Java, but that part is pretty easy: <cfscript> // let Variables.keyBytes be the binary key // let Variables.msgBytes be the binary message // calculate an HMAC-SHA1 for the given key and message Variables.key = CreateObject("java","javax.crypto.spec.SecretKeySpec"); Variables.key.init(Variables.keyBytes,"HmacSHA1"); Variables.hmac = CreateObject("java","javax.crypto.Mac"); Variables.hmac = Variables.hmac.getInstance("HmacSHA1"); Variables.hmac.init(Variables.key); Variables.hmac.update(Variables.msgBytes); Variables.hmac = Variables.hmac.doFinal(); // Variables.hmac now contains the binary HMAC </cfscript> Of course, a big part of your question is how to get the bytes. Since you have the key in base64, you can use BinaryDecode() to get the keyBytes. As for the message, if you have it in a CF string (and you're using MX 7), you should be able to use CharsetDecode() to get the bytes; specify "UTF-8" as the encoding. You could also do something like: JavaCast("string",Variables.message).getBytes("UTF-8") Sixten ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:260913 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4