Hash_hmac in using pure classic ASP

Question

Hash_hmac in using pure classic ASP

I want to know if there is a way to achieve hash_hmac("sha256", $token, $signkey, true) (php) in classic ASP?

I need this to check signed_request from Facebook https://developers.facebook.com/docs/howtos/login/signed-request/

 // Adding the verification of the signed_request below $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); if ($sig !== $expected_sig) { error_log('Bad Signed JSON signature!'); return null; }

+4

asp-classic

Jesper ah Jan 2 '13 at 17:16

source share

3 answers

Sander_P · Answer 1 · 2013-01-04T09:18:22+0000

I am using the file that I found on the Amazon forum. This is the stream: https://forums.aws.amazon.com/message.jspa?messageID=147377

It uses a .wsc file, which is just a JScript file that defines an object that you can use in your ASP code. Like this:

 ' ### be sure to have sha256.wsc in the same folder as this script Dim sha256 Set sha256 = GetObject( "script:" & Server.MapPath("sha256.wsc") ) sha256.hexcase = 0 Dim result result = sha256.b64_hmac_sha256( secretkey, stringtosign )

This is the file that was originally used to sign the Amazon API request. For reasons I don’t understand, this line of code in the .wsc file:

 d=d.replace ( /\s/g, "\n");

This converts all whitespace characters, including spaces, to '\ n'. It's hard to believe that spaces need to be converted to "\ n". Anyway, I had to comment on this line for the code to work for me! And it really works. I used it for a while without any problems.

From the sha256.wsc file:

 /* * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined * in FIPS 180-2 * Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009. * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet * Distributed under the BSD License * See http://pajhome.org.uk/crypt/md5 for details. * Adapted into a WSC for use in classic ASP by Daniel O'Malley * (based on an SHA-1 example by Erik Oosterwaal) * for use with the Amazon Product Advertising API */

Direct link to the sha256.wsc file: https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc

I could not find the official download site.

ulluoink · Answer 2 · 2013-01-03T10:06:18+0000

look at microsoft capicom.dll. you can download it here

link can be found here

another option is to implement the function with the .net class and make it "com visible" so that you can use DLL.net from the classic asp ...

ictmanagement · Answer 3 · 2016-02-19T16:42:50+0000

See how we use the javascript implementation of cryptographic algorithms in this repository: https://github.com/ictmanagement/redsysHMAC256_API_ASP

If you open this file: https://github.com/ictmanagement/redsysHMAC256_API_ASP/blob/master/include/dvim_apiRedsys_VB.asp , you will find out how we get the same result as the php hash_hmac("sha256", $token, $signkey, true)

  '/****** MAC Function ******/ 'recibe String|WordArray , retorna WordArray Private Function mac256(ent, key) Dim encWA Set encWA = ConvertUtf8StrToWordArray(ent) Dim keyWA Set keyWA = ConvertUtf8StrToWordArray(key) Dim resWA Set resWA = CryptoJS.HmacSHA256(encWA, keyWA) Set mac256 = resWA End Function

Hash_hmac in using pure classic ASP

More articles: