当前位置: 文江博客话题详情

HMAC SHA1 ColdFusion

发布于 2024-09-03 21:52:31 字数 492 浏览 7 评论 0原文

请帮忙!我一直在为这个拔头发。 :)

我有一个网站需要 HMAC SHA1 进行身份验证。它目前可以使用另一种语言,但现在我需要将其转移到 ColdFusion。对于我的一生,我无法让琴弦相匹配。任何帮助将不胜感激。

数据:https%3A%2F%2Fwww%2Etestwebsite%2Ecom%3Fid%3D5447
密钥:<代码>265D5C01D1B4C8FA28DC55C113B4D21005BB2B348859F674977B24E0F37C81B05FAE85FB75EA9CF53ABB9A174C59D98C7A61E2985026D2AA70AE4452A6E3F2 F9

正确答案:WJd%2BKxmFxGWdb​​w4xQJZXd3%2FHkFQ%3d
我的答案:knIVr6wIt6%2Fl7mBJPTTbwQoTIb8%3d

两者都是Base64编码,然后URL编码。

原文

Please help! I have been pulling out my hair over this one. :)

I have a site that I need to HMAC SHA1 for authentication. It currently works with another language but now I need to move it to ColdFusion. For the life of me I cannot get the strings to match. Any assistance would be much appreciated.

Data: https%3A%2F%2Fwww%2Etestwebsite%2Ecom%3Fid%3D5447
Key: 265D5C01D1B4C8FA28DC55C113B4D21005BB2B348859F674977B24E0F37C81B05FAE85FB75EA9CF53ABB9A174C59D98C7A61E2985026D2AA70AE4452A6E3F2F9

Correct answer: WJd%2BKxmFxGWdbw4xQJZXd3%2FHkFQ%3d
My answer: knIVr6wIt6%2Fl7mBJPTTbwQoTIb8%3d

Both are Base64 encoded and then URL encoded.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

世界如花海般美丽 2024-09-10 21:52:31

我自己做一个 HMAC-SHA1 的事情。我能说的最多的是我找到了这个旧功能。到目前为止,对我正在做的事情非常有效。忘了在哪里找到它,所以我不能相信作者。

对于您的 Base 64 内容...在加密上运行此函数,然后只需对返回的内容执行 cfset newString = toBase64(oldString) 即可。

<cffunction name="hmacEncrypt" returntype="binary" access="public" output="false">
   <cfargument name="signKey" type="string" required="true" />
   <cfargument name="signMessage" type="string" required="true" />
   <cfargument name="algorithm" type="string" default="HmacSHA1" />
   <cfargument name="charset" type="string" default="UTF-8" />

   <cfset var msgBytes = charsetDecode(arguments.signMessage, arguments.charset) />
   <cfset var keyBytes = charsetDecode(arguments.signKey, arguments.charset) />
   <cfset var keySpec = createObject("java","javax.crypto.spec.SecretKeySpec")  />
   <cfset var mac = createObject("java","javax.crypto.Mac") />

   <cfset key = keySpec.init(keyBytes, arguments.algorithm) />
   <cfset mac = mac.getInstance(arguments.algorithm) />
   <cfset mac.init(key) />
   <cfset mac.update(msgBytes) />

   <cfreturn mac.doFinal() />
</cffunction>

Doing an HMAC-SHA1 thing myself. Best I can say is that I found this old function. Has worked great for what I am doing thus far. Forgot where I found it though so I can't credit the author.

For your Base 64 stuff... run this function on your encryption, then just do a cfset newString = toBase64(oldString) on what is returned.

<cffunction name="hmacEncrypt" returntype="binary" access="public" output="false">
   <cfargument name="signKey" type="string" required="true" />
   <cfargument name="signMessage" type="string" required="true" />
   <cfargument name="algorithm" type="string" default="HmacSHA1" />
   <cfargument name="charset" type="string" default="UTF-8" />

   <cfset var msgBytes = charsetDecode(arguments.signMessage, arguments.charset) />
   <cfset var keyBytes = charsetDecode(arguments.signKey, arguments.charset) />
   <cfset var keySpec = createObject("java","javax.crypto.spec.SecretKeySpec")  />
   <cfset var mac = createObject("java","javax.crypto.Mac") />

   <cfset key = keySpec.init(keyBytes, arguments.algorithm) />
   <cfset mac = mac.getInstance(arguments.algorithm) />
   <cfset mac.init(key) />
   <cfset mac.update(msgBytes) />

   <cfreturn mac.doFinal() />
</cffunction>
回复 原文
自我难过 2024-09-10 21:52:31

更短的加密方法(基于 Barney's方法)输出字符串:

<cffunction name="CFHMAC" output="false" returntype="string">
   <cfargument name="signMsg" type="string" required="true" />
   <cfargument name="signKey" type="string" required="true" />
   <cfargument name="encoding" type="string" default="utf-8" />
   <cfset var key = createObject("java", "javax.crypto.spec.SecretKeySpec").init(signKey.getBytes(arguments.encoding), "HmacSHA1") />
   <cfset var mac = createObject("java", "javax.crypto.Mac").getInstance("HmacSHA1") />
   <cfset mac.init(key) />
   <cfreturn toBase64(mac.doFinal(signMsg.getBytes(arguments.encoding))) />
</cffunction>

此外,

  1. ColdFusion 10 本身支持 HMAC-SHA1 进行加密和散列。
  2. 有一个名为 CF_HMAC 由 Adob​​e 分发的库
  3. 有几个库在为 Amazon 签名文件时处理相关的 HMAC。其中包括 cf-amazon-s3Barney 的 S3 URL 生成器RIAForge S3

A shorter encryption method (based on Barney's method) that outputs a string:

<cffunction name="CFHMAC" output="false" returntype="string">
   <cfargument name="signMsg" type="string" required="true" />
   <cfargument name="signKey" type="string" required="true" />
   <cfargument name="encoding" type="string" default="utf-8" />
   <cfset var key = createObject("java", "javax.crypto.spec.SecretKeySpec").init(signKey.getBytes(arguments.encoding), "HmacSHA1") />
   <cfset var mac = createObject("java", "javax.crypto.Mac").getInstance("HmacSHA1") />
   <cfset mac.init(key) />
   <cfreturn toBase64(mac.doFinal(signMsg.getBytes(arguments.encoding))) />
</cffunction>

In addition

  1. ColdFusion 10 supports HMAC-SHA1 for Encrypting and Hashing natively.
  2. There is a library called CF_HMAC distributed by Adobe
  3. There are several libraries that deal with HMAC in relation while signing files for Amazon. Among them are cf-amazon-s3, Barney's S3 URL Builder, and RIAForge S3
回复 原文
一抹苦笑 2024-09-10 21:52:31

史蒂夫 - 感谢您的回复。我实际上已经在使用 hmacEncrypt 函数了。不过我确实弄清楚了我的问题。我传递的是十六进制键而不是字符串。它接受了密钥,因为从技术上讲它是一个字符串。为了将其恢复为字符串,除了上面的函数之外,我还使用了另一个函数。下面的代码将十六进制更改为字符串。我没有编写下面的函数,也不记得它从哪里获得作者的认可,但它效果很好。

<cffunction name="Hex2Bin" returntype="any" hint="Converts a Hex string to binary">
    <cfargument name="inputString" type="string" required="true" hint="The hexadecimal string to be written.">
    <cfset var outStream = CreateObject("java", "java.io.ByteArrayOutputStream").init()>
    <cfset var inputLength = Len(arguments.inputString)>
    <cfset var outputString = "">
    <cfset var i = 0>
    <cfset var ch = "">
    <cfif inputLength mod 2 neq 0>
    <cfset arguments.inputString = "0" & inputString>
    </cfif>
    <cfloop from="1" to="#inputLength#" index="i" step="2">
        <cfset ch = Mid(inputString, i, 2)>
        <cfset outStream.write(javacast("int", InputBaseN(ch, 16)))>
    </cfloop>
    <cfset outStream.flush()>
    <cfset outStream.close()> 
    <cfreturn outStream.toByteArray()>
</cffunction>

Steve - Thanks for your response. I actually was using the hmacEncrypt function already. I did figure out my issue though. I was passing in a HEX key instead of a string. It accepted the key because technically it was a string. To get it back to a string I used another function along with the one above. The one below changes the HEX into a string. I didn't write the function below nor do I remember where it came from to get the author credit, but it worked great.

<cffunction name="Hex2Bin" returntype="any" hint="Converts a Hex string to binary">
    <cfargument name="inputString" type="string" required="true" hint="The hexadecimal string to be written.">
    <cfset var outStream = CreateObject("java", "java.io.ByteArrayOutputStream").init()>
    <cfset var inputLength = Len(arguments.inputString)>
    <cfset var outputString = "">
    <cfset var i = 0>
    <cfset var ch = "">
    <cfif inputLength mod 2 neq 0>
    <cfset arguments.inputString = "0" & inputString>
    </cfif>
    <cfloop from="1" to="#inputLength#" index="i" step="2">
        <cfset ch = Mid(inputString, i, 2)>
        <cfset outStream.write(javacast("int", InputBaseN(ch, 16)))>
    </cfloop>
    <cfset outStream.flush()>
    <cfset outStream.close()> 
    <cfreturn outStream.toByteArray()>
</cffunction>
回复 原文
~没有更多了~

关于作者

污味仙女

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文