Skip to main content
S
srippstein
Participant
May 17, 2022
Answered

PHP base64_encode(hash_hmac()) to ToBase64(Hmac())

  • May 17, 2022
  • 1 reply
  • 1544 views

Hi there

I am looking for the right ColdFusion functions to compare with PHP functons.

In PHP:
PHP Calculations (these are the correct ones)

$xValue = base64_encode(hash_hmac("sha512", "test", true));
echo $xValue;


Is the result:
ZjNlNzQ4NGE3YmIyMjJmNDU4MzgxOTZhMTQzMDIwYjNmOGNkZDJhMDQzYjZjOWMyNWU4NTBk
MmM5NDk1MGQ5YTRhMzE5OGRmOWFmOWZhMDMxOGNmOGRhMDg2NGVmMzU2NGE2YWU1Mj
A3NTQwN2Q0ZmFmNjFjMjJkOGZiZDM3NGU=

 

In CF:

<cfset xMacValue = ToBase64(Hmac("test", "HMACSHA512")) />
<cfdump var="#xMacValue#" />

is the result:
NkJEQ0NEN0VFNkY1QUYyMTU5NjNENDY0NERBMDQwMjQ=.

Which CF functions do I need to use to get the result from PHP?

 

Thank you for your support
Steve

    This topic has been closed for replies.
    Correct answer BKBK

    I see no problem with the translation base64_encode (PHP) <=> toBase64 (ColdFusion). Therefore the issue is how to translate hash_hmac (PHP) to ColdFusion.

     

    Your latest code is a step in the right direction. However, I can now see another complication. The binary argument in hash_hmac is set to true.

     

    It means that the function returns binary in the form of a string. If the boolean flag were false, the function would have returned a Hex string instead.

     

    So I think the correct translations are:

     

    PHP:  hash_hmac("sha512","test", "testKey", false)
    CFML:  hmac("test","testKey","HMACSHA512")

     

    and

     

    PHP:   hash_hmac("sha512","test", "testKey", true)
    CFML:  binaryDecode(hmac("test","testKey","HMACSHA512"),"hex")

     

    1 reply

    BKBK
    Community Expert
    BKBKCommunity Expert
    Community Expert
    May 18, 2022

    There is some ambiguity in your PHP code. As such, you're not comparing like with like.

     

    Your PHP hash_hmac code is:

     

    hash_hmac("sha512", "test", true)

     

    The arguments are of respective type string, string and boolean. However, the signature of the PHP function should be:

    hash_hmac(
        string $algo,
        string $data,
        string $key,
        bool $binary = false
    )

    So it is unclear in your PHP code which value is the key and which value is the boolean binary flag.

     

    To avoid ambiguity, please specify the value of each of the 4 arguments. Only then can we make an accurate comparison.

     

     

    S
    srippsteinAuthor
    Participant
    May 19, 2022

    Hello
    I'll give another example.

     

    PHP:

    $xValue = base64_encode(hash_hmac("sha512","test", "testKey", true));
echo $xValue;

    Result:
    K5AyiPLqUMYx0MTfNQMHkrQOGBzMIpafr/u/kdz4KlnnDz4TcpaDp5HT06jxfcF0Vr+qijLvA3wuIcoAYDvCyg==

     

    ColdFusion

    <cfset xMacValue = ToBase64(Hmac("test", "testKey", "HMACSHA512")) />
<cfdump var="#xMacValue#" />

    Result:
    MkI5MDMyODhGMkVBNTBDNjMxRDBDNERGMzUwMzA3OTJCNDBFMTgxQ0NDMjI5NjlGQUZGQkJGOTFEQ0Y4MkE1OUU3MEYzRTEzNzI5NjgzQTc5MUQzRDNBOEYxN0RDMTc0NTZCRkFBOEEzMkVGMDM3QzJFMjFDQTAwNjAzQkMyQ0E=

     

    Thank you for your support.
    Steve

    BKBK
    Community Expert
    BKBKCommunity ExpertCorrect answer
    Community Expert
    May 19, 2022

    I see no problem with the translation base64_encode (PHP) <=> toBase64 (ColdFusion). Therefore the issue is how to translate hash_hmac (PHP) to ColdFusion.

     

    Your latest code is a step in the right direction. However, I can now see another complication. The binary argument in hash_hmac is set to true.

     

    It means that the function returns binary in the form of a string. If the boolean flag were false, the function would have returned a Hex string instead.

     

    So I think the correct translations are:

     

    PHP:  hash_hmac("sha512","test", "testKey", false)
    CFML:  hmac("test","testKey","HMACSHA512")

     

    and

     

    PHP:   hash_hmac("sha512","test", "testKey", true)
    CFML:  binaryDecode(hmac("test","testKey","HMACSHA512"),"hex")

     

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices