Thanks Gustaf,
It works now.
p.s. I don't understand why the subject of this thread got replaced with a previous thread that I opened.
The original email that I sent has the subject: "Verifying HMAC signature [ns_crypto::hmac ...]"
-------- Original Message --------
Subject: Re: [naviserver-devel] What to do when [ns_base64encode]
doesn't encrypt properly after the 63rd char?
From: Gustaf Neumann <neum...@wu.ac.at>
Date: Tue, May 26, 2020 12:27 am
To: naviserver-devel@lists.sourceforge.net
Iuri,
The ns_crypto::hmac performs the HMAC (Keyed-Hashing for
Message Authentication) as specified in RFC 2104, using a symmetric
key provided via argument.
The HMAC can be verified the same way as a plain digest (without a secret):
If a received HMAC (or digest) should be verified, it must be recomputed.
In the case of the HMAC, the receiver has to know the secret.
I see no need for an extra API call:
===========================================================================
set secret_key "foobar1234"
set data "This is my data"
set HMAC [ns_crypto::hmac string -digest sha256 $secret_key $data]
#
# To verify a received HMAC, one needs the key and the data as well
#
if { $HMAC eq [ns_crypto::hmac string -digest sha256 $secret_key $data] } {
    ns_log notice "Data verified"
}
===========================================================================
The ns_crypto interface provides as well the interface based on key files
(PEM files) provided for "ns_crypto::md". In the case of the pem
files, it is more effort to extract keys, since there exist several
algorithms, key types etc., which are specified inside the PEM
files. Therefore, this interface works for multiple key types,
including RSA and elliptic curves.
In this variant, the message key can be signed with
set sig [::ns_crypto::md string ... -sign PEM ...]
and verified with