I want to know, is there any way to achieve hash_hmac("sha256", $token, $signkey, true) (php) in classic ASP?
I need it to verificate the signed_request from Facebook https://developers.facebook.com/docs/howtos/login/signed-request/
// Adding the verification of the signed_request below
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
I have been using a file I found on an Amazon forum. This is the thread: https://forums.aws.amazon.com/message.jspa?messageID=147377
It uses a .wsc file, which is just a JScript file that defines a object you can use in your ASP code. Like this:
' ### be sure to have sha256.wsc in the same folder as this script
Dim sha256
Set sha256 = GetObject( "script:" & Server.MapPath("sha256.wsc") )
sha256.hexcase = 0
Dim result
result = sha256.b64_hmac_sha256( secretkey, stringtosign )
This is a file which was originally used to sign request to the Amazon API. For reasons I don't understand this included this line of code in .wsc file:
d=d.replace ( /\s/g, "\n");
This converts all whitespace characters, including spaces, to '\n'. Hard to believe that spaces need to be converted to "\n". Anyway, I had to comment out this line to make the code work for me! And it does work. I have been using it for a while without problems.
From the sha256.wsc file:
/*
* A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
* in FIPS 180-2
* Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for details.
* Adapted into a WSC for use in classic ASP by Daniel O'Malley
* (based on an SHA-1 example by Erik Oosterwaal)
* for use with the Amazon Product Advertising API
*/
Direct link to the sha256.wsc file: https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc
I have been unable to find an official download site.
have a look at the microsoft capicom.dll. you can download it here
the reference can be found here
another option is to implement the function with a .net class and make that "com visible" so you can use the .net DLL from classic asp...
Check how to we are using a javascript implementation of cryptography algoritms in this repository: https://github.com/ictmanagement/redsysHMAC256_API_ASP
If you open this file: https://github.com/ictmanagement/redsysHMAC256_API_ASP/blob/master/include/dvim_apiRedsys_VB.asp, you will find how we get same result as php function hash_hmac("sha256", $token, $signkey, true)
'/****** MAC Function ******/
'recibe String|WordArray , retorna WordArray
Private Function mac256(ent, key)
Dim encWA
Set encWA = ConvertUtf8StrToWordArray(ent)
Dim keyWA
Set keyWA = ConvertUtf8StrToWordArray(key)
Dim resWA
Set resWA = CryptoJS.HmacSHA256(encWA, keyWA)
Set mac256 = resWA
End Function
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 戒情不戒烟 的文章《hash_hmac in using pure classic ASP》','https://www.manongdao.com/article-448761.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}