HMAC Algorithms and Encoding?
I'm working on a Cybersource Authorization form, which has a PHP sample page. I'm trying to use the hmac() function in CF10. However, the documentation on it is lacking to say the least. Parameters Parameter Required\Optional Description message Required The message to transmit. The message can be a String or a byte array. key Required The secret key to create HMAC. The key can be a String or a byte array. algorithm Optional Algorithm used. encoding Optional Encoding to be used. No where can I find the algorithms or encoding options that can be used. The example itself is of little use. Anyone have any links, lists etc, where I can find some? Thanks Sandy Clark About Web ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359247 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HMAC Algorithms and Encoding?
Sandy, I do believe that you can use any algorithm that the hash function supports. Take a look at the documentation for hash and you will see what options you have. On Tue, Sep 9, 2014 at 8:34 AM, Sandra Clark sclarkli...@gmail.com wrote: I'm working on a Cybersource Authorization form, which has a PHP sample page. I'm trying to use the hmac() function in CF10. However, the documentation on it is lacking to say the least. Parameters Parameter Required\Optional Description message Required The message to transmit. The message can be a String or a byte array. key Required The secret key to create HMAC. The key can be a String or a byte array. algorithm Optional Algorithm used. encoding Optional Encoding to be used. No where can I find the algorithms or encoding options that can be used. The example itself is of little use. Anyone have any links, lists etc, where I can find some? Thanks Sandy Clark About Web ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359248 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HMAC Algorithms and Encoding?
Tried that, I am now getting an error telling me that An error occurred while generating HMAC. Error: Algorithm SHA-256 not available. HASH() documentation is showing SHA-256 *sigh* -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 9:53 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, I do believe that you can use any algorithm that the hash function supports. Take a look at the documentation for hash and you will see what options you have. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359249 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HMAC Algorithms and Encoding?
Sandy, what are you trying to encrypt? I ran into a similar issue recently trying to use AES 256 encryption for SFTP On Sep 9, 2014 10:47 AM, Sandra Clark sclarkli...@gmail.com wrote: Tried that, I am now getting an error telling me that An error occurred while generating HMAC. Error: Algorithm SHA-256 not available. HASH() documentation is showing SHA-256 *sigh* -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 9:53 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, I do believe that you can use any algorithm that the hash function supports. Take a look at the documentation for hash and you will see what options you have. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359250 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HMAC Algorithms and Encoding?
Sandy, Looking at the example in the HMAC() docs, they prefixed the algorithm type with HMAC. Maybe if you try HMACSHA-256, to see if it works? On Tue, Sep 9, 2014 at 10:46 AM, Sandra Clark sclarkli...@gmail.com wrote: Tried that, I am now getting an error telling me that An error occurred while generating HMAC. Error: Algorithm SHA-256 not available. HASH() documentation is showing SHA-256 *sigh* -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 9:53 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, I do believe that you can use any algorithm that the hash function supports. Take a look at the documentation for hash and you will see what options you have. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359251 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HMAC Algorithms and Encoding?
Thanks I'm trying to encrypt payment information for a group using CyberSource. I found documentation on encrypt() that specified using HMAC-SHAx (where x could be 256). Got the same error. http://help.adobe.com/livedocs/coldfusion/8/htmldocs/help.html?content=funct ions_e-g_01.html. CF10 documentation for encrypt is not as useful Since I don't have time to try every iteration that it could possibly be, I finally gave up, found Ben Nadel's Crypto library and it worked out of the box. But really, Adobe do the documentation correctly. HMAC Creates Hash-based Message Authentication Code for the given string based on the algorithm and encoding. Hash-based Message Authentication Code (HMAC) is used to verify the data integrity and authenticity of a message transmitted. It involves a cryptographic hash function in combination with a secret key. The cryptographic hash function can be Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and so on. See also SessionInvalidate, Session Rotate. Example h2HMAC Test/h2 cfset x=hmac(Hi There,key1,HMACRIPEMD160) cfoutput#x#/cfoutput None of this tells me anything. Especially since I can't find any reference to HMACRIPEMD160 (hoping that would lead me to something) other than that HMAC documentation or some PDF's that are generated from the Wiki Pages and the above mentioned CF8 page, which again lists HMAC-SHA256. -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 11:01 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, Looking at the example in the HMAC() docs, they prefixed the algorithm type with HMAC. Maybe if you try HMACSHA-256, to see if it works? On Tue, Sep 9, 2014 at 10:46 AM, Sandra Clark sclarkli...@gmail.com wrote: Tried that, I am now getting an error telling me that An error occurred while generating HMAC. Error: Algorithm SHA-256 not available. HASH() documentation is showing SHA-256 *sigh* -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 9:53 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, I do believe that you can use any algorithm that the hash function supports. Take a look at the documentation for hash and you will see what options you have. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359252 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HMAC Algorithms and Encoding?
I found that there are certain things that ColdFusion doesn't support 256 bit encryption for. SFTP and CFHTTP among others. The solution is to download and install the updated encryption library from Sun. I can post details when I'm not on my phone. On Sep 9, 2014 11:22 AM, Sandra Clark sclarkli...@gmail.com wrote: Thanks I'm trying to encrypt payment information for a group using CyberSource. I found documentation on encrypt() that specified using HMAC-SHAx (where x could be 256). Got the same error. http://help.adobe.com/livedocs/coldfusion/8/htmldocs/help.html?content=funct ions_e-g_01.html. CF10 documentation for encrypt is not as useful Since I don't have time to try every iteration that it could possibly be, I finally gave up, found Ben Nadel's Crypto library and it worked out of the box. But really, Adobe do the documentation correctly. HMAC Creates Hash-based Message Authentication Code for the given string based on the algorithm and encoding. Hash-based Message Authentication Code (HMAC) is used to verify the data integrity and authenticity of a message transmitted. It involves a cryptographic hash function in combination with a secret key. The cryptographic hash function can be Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and so on. See also SessionInvalidate, Session Rotate. Example h2HMAC Test/h2 cfset x=hmac(Hi There,key1,HMACRIPEMD160) cfoutput#x#/cfoutput None of this tells me anything. Especially since I can't find any reference to HMACRIPEMD160 (hoping that would lead me to something) other than that HMAC documentation or some PDF's that are generated from the Wiki Pages and the above mentioned CF8 page, which again lists HMAC-SHA256. -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 11:01 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, Looking at the example in the HMAC() docs, they prefixed the algorithm type with HMAC. Maybe if you try HMACSHA-256, to see if it works? On Tue, Sep 9, 2014 at 10:46 AM, Sandra Clark sclarkli...@gmail.com wrote: Tried that, I am now getting an error telling me that An error occurred while generating HMAC. Error: Algorithm SHA-256 not available. HASH() documentation is showing SHA-256 *sigh* -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 9:53 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, I do believe that you can use any algorithm that the hash function supports. Take a look at the documentation for hash and you will see what options you have. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359253 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HMAC Algorithms and Encoding?
Try HMACSHA256 for the algorithm see http://cfdocs.org/hmac -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Tue, Sep 9, 2014 at 11:22 AM, Sandra Clark sclarkli...@gmail.com wrote: Thanks I'm trying to encrypt payment information for a group using CyberSource. I found documentation on encrypt() that specified using HMAC-SHAx (where x could be 256). Got the same error. http://help.adobe.com/livedocs/coldfusion/8/htmldocs/help.html?content=funct ions_e-g_01.html. CF10 documentation for encrypt is not as useful Since I don't have time to try every iteration that it could possibly be, I finally gave up, found Ben Nadel's Crypto library and it worked out of the box. But really, Adobe do the documentation correctly. HMAC Creates Hash-based Message Authentication Code for the given string based on the algorithm and encoding. Hash-based Message Authentication Code (HMAC) is used to verify the data integrity and authenticity of a message transmitted. It involves a cryptographic hash function in combination with a secret key. The cryptographic hash function can be Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and so on. See also SessionInvalidate, Session Rotate. Example h2HMAC Test/h2 cfset x=hmac(Hi There,key1,HMACRIPEMD160) cfoutput#x#/cfoutput None of this tells me anything. Especially since I can't find any reference to HMACRIPEMD160 (hoping that would lead me to something) other than that HMAC documentation or some PDF's that are generated from the Wiki Pages and the above mentioned CF8 page, which again lists HMAC-SHA256. -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 11:01 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, Looking at the example in the HMAC() docs, they prefixed the algorithm type with HMAC. Maybe if you try HMACSHA-256, to see if it works? On Tue, Sep 9, 2014 at 10:46 AM, Sandra Clark sclarkli...@gmail.com wrote: Tried that, I am now getting an error telling me that An error occurred while generating HMAC. Error: Algorithm SHA-256 not available. HASH() documentation is showing SHA-256 *sigh* -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 9:53 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, I do believe that you can use any algorithm that the hash function supports. Take a look at the documentation for hash and you will see what options you have. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359260 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: HMAC Algorithms and Encoding?
Thanks Pete! -Original Message- From: Pete Freitag [mailto:p...@foundeo.com] Sent: Tuesday, September 9, 2014 2:11 PM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Try HMACSHA256 for the algorithm see http://cfdocs.org/hmac -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Tue, Sep 9, 2014 at 11:22 AM, Sandra Clark sclarkli...@gmail.com wrote: Thanks I'm trying to encrypt payment information for a group using CyberSource. I found documentation on encrypt() that specified using HMAC-SHAx (where x could be 256). Got the same error. http://help.adobe.com/livedocs/coldfusion/8/htmldocs/help.html?content =funct ions_e-g_01.html. CF10 documentation for encrypt is not as useful Since I don't have time to try every iteration that it could possibly be, I finally gave up, found Ben Nadel's Crypto library and it worked out of the box. But really, Adobe do the documentation correctly. HMAC Creates Hash-based Message Authentication Code for the given string based on the algorithm and encoding. Hash-based Message Authentication Code (HMAC) is used to verify the data integrity and authenticity of a message transmitted. It involves a cryptographic hash function in combination with a secret key. The cryptographic hash function can be Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and so on. See also SessionInvalidate, Session Rotate. Example h2HMAC Test/h2 cfset x=hmac(Hi There,key1,HMACRIPEMD160) cfoutput#x#/cfoutput None of this tells me anything. Especially since I can't find any reference to HMACRIPEMD160 (hoping that would lead me to something) other than that HMAC documentation or some PDF's that are generated from the Wiki Pages and the above mentioned CF8 page, which again lists HMAC-SHA256. -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 11:01 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, Looking at the example in the HMAC() docs, they prefixed the algorithm type with HMAC. Maybe if you try HMACSHA-256, to see if it works? On Tue, Sep 9, 2014 at 10:46 AM, Sandra Clark sclarkli...@gmail.com wrote: Tried that, I am now getting an error telling me that An error occurred while generating HMAC. Error: Algorithm SHA-256 not available. HASH() documentation is showing SHA-256 *sigh* -Original Message- From: Dean Lawrence [mailto:dean...@gmail.com] Sent: Tuesday, September 9, 2014 9:53 AM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Sandy, I do believe that you can use any algorithm that the hash function supports. Take a look at the documentation for hash and you will see what options you have. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359263 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HMAC Algorithms and Encoding?
Does SHA256 require the Java Cryptography Extension be installed, or is that just SHA512 and above? -Carl V. On 9/9/2014 11:36 AM, Sandra Clark wrote: Thanks Pete! -Original Message- From: Pete Freitag [mailto:p...@foundeo.com] Sent: Tuesday, September 9, 2014 2:11 PM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Try HMACSHA256 for the algorithm see http://cfdocs.org/hmac -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Tue, Sep 9, 2014 at 11:22 AM, Sandra Clark sclarkli...@gmail.com wrote: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359264 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: HMAC Algorithms and Encoding?
I would take a guess that it does, I needed to do it to get AES 256 to work for SFTP On Sep 9, 2014 4:05 PM, Carl Von Stetten vonner.li...@vonner.net wrote: Does SHA256 require the Java Cryptography Extension be installed, or is that just SHA512 and above? -Carl V. On 9/9/2014 11:36 AM, Sandra Clark wrote: Thanks Pete! -Original Message- From: Pete Freitag [mailto:p...@foundeo.com] Sent: Tuesday, September 9, 2014 2:11 PM To: cf-talk Subject: Re: HMAC Algorithms and Encoding? Try HMACSHA256 for the algorithm see http://cfdocs.org/hmac -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Tue, Sep 9, 2014 at 11:22 AM, Sandra Clark sclarkli...@gmail.com wrote: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359265 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
