First it is worth noting that HMAC-SHA1 isn't actually encryption at
all.  Rather it is a hash.  More specifically it is a keyed hash
algorithm that produces a fixed length 160 byte hash value.  This hash
is built from the SHA-1 hash algorithm and in your case will be used
as an HMAC, or hash-based message authentication code.  Technically
this is not encryption.  It is used to pass a message from sender to
receiver in a way in which both parties can test whether the contents
of the message have been tampered with in transmission (assuming both
sides share a secret key, usually an asymmetric one).  Think of it like
putting a little piece of scotch tape over a door jamb to know if
someone opened it.

Now, how would you produce this?  My suggestion would be to use the
server-side APIs to generate the hash.  If for example your
server-side infrastructure is Java you could use a JCE 1.2 provider
that supports a SHA-1 based HMAC.  You can find a listing at

http://java.sun.com/products/jce/jce122_providers.html

Basically you will have the server-side generate the hash and simply
return it to the browser.  If you are doing this exchange over SSL and
using some kind of strong authentication (say DIGEST or
SSL-Mutual-Auth) you'll be able to be very sure the exchange was
clean.  Of course, I think standard HTTP-AUTH over SSL would be plenty
for most folks!

In the end though, I would not assume an AS3 algorithm exists to
generate such a hash.  You should look to some kind of servant code to
do that heavy lifting.

-- 
Dave Wolf
Cynergy Systems, Inc.
Adobe Flex Alliance Partner
http://www.cynergysystems.com
http://www.cynergysystems.com/blogs

Email:  [EMAIL PROTECTED]
Office: 866-CYNERGY
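
The server-side approach described in the message above, as an added example that is not part of the original post: a Java class that computes an HMAC-SHA1 signature with the standard javax.crypto.Mac API and checks it on receipt. The class name HmacSha1Signer, the key and the string being signed are constructed for illustration; the exact string a service expects you to sign comes from that service's documentation.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

public class HmacSha1Signer {                       // hypothetical class name
    private static final String ALG = "HmacSHA1";   // standard JCA algorithm name

    // Raw HMAC-SHA1 tag over the UTF-8 bytes of the message (20 bytes = 160 bits).
    static byte[] tag(byte[] key, String message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        return mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
    }

    // What the server hands back to the client: the Base64-encoded tag.
    static String sign(byte[] key, String message) throws GeneralSecurityException {
        return Base64.getEncoder().encodeToString(tag(key, message));
    }

    // Receiver side: recompute the tag and compare in constant time.
    static boolean verify(byte[] key, String message, String signatureB64)
            throws GeneralSecurityException {
        byte[] presented;
        try {
            presented = Base64.getDecoder().decode(signatureB64);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 counts as a failed check
        }
        return MessageDigest.isEqual(tag(key, message), presented);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values; the secret key stays on the server.
        byte[] key = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        String stringToSign = "GET\n\n\nSun, 03 Sep 2006 13:39:00 GMT\n/example-bucket/photo.jpg";

        String sig = sign(key, stringToSign);
        System.out.println("signature: " + sig);
        System.out.println("tag bytes: " + tag(key, stringToSign).length);
        System.out.println("original verifies: " + verify(key, stringToSign, sig));
        // Any change to the signed string makes the check fail.
        System.out.println("tampered verifies: "
                + verify(key, stringToSign.replace("photo.jpg", "other.jpg"), sig));
    }
}
```

Because only the signature is returned, the client never holds the secret key, which is the point of doing the work on the server.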


--- In [email protected], "Luís Gustavo Sanabio"
<[EMAIL PROTECTED]> wrote:
>
> Hi David,
> 
>    Yes, there are a lot of results about SHA1.  But I need to implement
> HMAC-SHA1, that crypts a String using a Key.
> 
> thanks,
> Gustavo
> 
> 
> 2006/9/3, David Mendels <[EMAIL PROTECTED]>:
> >
> >  Hi,
> >
> > If you Google: AS3 SHA1, you will see multiple threads, blog
> > entries and work on this that can get you started I hope.
> >
> > HTH,
> > -David
> >
> >  ------------------------------
> > *From:* [email protected] [mailto:[EMAIL PROTECTED]
> > *On Behalf Of *Luís Gustavo Sanabio
> > *Sent:* Sunday, September 03, 2006 9:39 AM
> > *To:* [email protected]
> > *Subject:* [flexcoders] HMAC-SHA1
> >
> >
> >  Hi,
> >
> >    I would like to use Amazon S3 services, but I need to implement a
> > HMAC-SHA1 to build a signature.
> >    Can anyone help me?
> >
> > thanks!
> > Gustavo
> > 
> >
>