locked
HMAC-SHA1 could anyone help me: RRS feed

  • Question

  • This URL points to a page on MSDN that may interest you: http://msdn.microsoft.com/en-us/library/aa382379(VS.85).aspx

    Hi. everyone
    could anyone help me?
    My platform is windows mobile 6.0
    i tested this URLhttp://msdn.microsoft.com/en-us/library/aa382379(VS.85).aspx sample code.
    but  Result was 48 f2 57 38 29 29 43 16 fd f4 db 58 31 e1 0c 74 48 8e d4 e2

    also i tested this URL http://buchananweb.co.uk/security01.aspx  by same input value.
     result was  4C2DE361BA8958558DE3D049ED1FB5C115656E65
    i don't konw
    please. Let me Konw  this reason.

    Key ="password"
    message="message"

    Monday, March 1, 2010 10:03 AM

Answers

  • I guess you are using the actual hex string as your key.  I get the expected result with this code:

    int _tmain(int argc, _TCHAR* argv[])
    {
        BYTE key[]="6d5391f390016b339033c5e99b134af5";
        BYTE msg[]="MDN=01011112222:APPID=PW00000001:NONCE=20100222113536";
        BYTE digest[20] = {0};
    
        int textLen = strlen((char*)msg);
        CHMAC_SHA1 hmacSha1;
        hmacSha1.HMAC_SHA1(msg, textLen, key, sizeof(key), digest);
    
        return 0;
    }
    
    • Proposed as answer by Eric Haddan Wednesday, March 3, 2010 7:00 PM
    • Marked as answer by Nancy Shao Monday, March 8, 2010 3:33 AM
    Tuesday, March 2, 2010 3:49 PM

All replies

  • I also did a test project recently where I had to use HMAC-SHA1 and used the MSDN code that you refered to above, and then found that it differed from what the .NET HMACSHA1 class gave me.  So then I tried CSHA1 by Dominik Reichl and it matched the result from the .NET HMACSHA1 class so I determined that the MSDN sample using the CryptoApi was not giving me the results I expected.  When I used the hash from CSHA1, everything worked perfectly and authenticated with the server I was communicating with.
    Monday, March 1, 2010 3:09 PM
  • First Thank you for your answer.
    but  I found  source from this URLhttp://www.codeproject.com/KB/recipes/HMACSHA1class.aspx 
    I tested various sample data by above project.
     most of result data value was correct.
    but

    BYTE key[]="6d5391f390016b339033c5e99b134af5";
    BYTE msg[]="MDN=01011112222:APPID=PW00000001:NONCE=20100222113536";

    i want to get this value  "C068E13C3F04DDF1ACAA020F88504EDD767BC3C0"
    i got this value "eda5a1533289ca93d3abf792a630739632369e91"

    i didn't understand  this reason.

    I'm sorry.
    could you give me sample code(C++ Version)?

    Tuesday, March 2, 2010 10:28 AM
  • I will dig up my source code, but I think your key is your problem.  I think you are passing the hex string of your key and it should be converted to binary.
    Tuesday, March 2, 2010 1:36 PM
  • I guess you are using the actual hex string as your key.  I get the expected result with this code:

    int _tmain(int argc, _TCHAR* argv[])
    {
        BYTE key[]="6d5391f390016b339033c5e99b134af5";
        BYTE msg[]="MDN=01011112222:APPID=PW00000001:NONCE=20100222113536";
        BYTE digest[20] = {0};
    
        int textLen = strlen((char*)msg);
        CHMAC_SHA1 hmacSha1;
        hmacSha1.HMAC_SHA1(msg, textLen, key, sizeof(key), digest);
    
        return 0;
    }
    
    • Proposed as answer by Eric Haddan Wednesday, March 3, 2010 7:00 PM
    • Marked as answer by Nancy Shao Monday, March 8, 2010 3:33 AM
    Tuesday, March 2, 2010 3:49 PM
  • I don't know if this is an alternative for you or not, but if are using native you could use this:

    http://msdn.microsoft.com/en-us/library/aa380255(VS.85).aspx

    We use it in our projects and have had good luck.  It's only a few simple calls.

    Tom
    Wednesday, March 3, 2010 3:04 AM