DougS - thanks for the reply. The key I'm using above is just an example and was a bad example in hindsight :) - I'll PM'd you the real key.. I'm thinking now the key might be the problem and as you say each implementation is potentially different if the encode string is not 100% right.
I did some further testing using your example MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= since we've confirmed its encoded. It works as expected. I suspect the key we received from the 3rd party site, as you mentioned, not properly encoded, although with php we can get a token using this key.
PHP
echo base64_encode(hash_hmac('sha256', "the quick brown fox jumps over the lazy dog", "12345678901234567890" , true));
echo "<br>";
echo base64_encode(hash_hmac('sha256', "the quick brown fox jumps over the lazy dog", base64_decode("MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=") , true));Returns
XIDINszyYHIP5vszuWRnyP/4/p/y0COFZHV8tzcxPh4= XIDINszyYHIP5vszuWRnyP/4/p/y0COFZHV8tzcxPh4=
Freemarker
<#assign signature = utils.digest.hmac("HmacSHA256", "12345678901234567890", "the quick brown fox jumps over the lazy dog") />
<#assign signature2 = utils.digest.hmac("HmacSHA256", utils.base64.decode("MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="), "the quick brown fox jumps over the lazy dog") />
${signature}
<br>
${signature2}Returns
XIDINszyYHIP5vszuWRnyP/4/p/y0COFZHV8tzcxPh4= XIDINszyYHIP5vszuWRnyP/4/p/y0COFZHV8tzcxPh4=
Actually, you know what I don't think the key is all that sensitive on its own, its a testing key anyway and you need an app Id and other stuff.. So here it is again with the real key :)
PHP
echo base64_encode(hash_hmac('sha256', "the quick brown fox jumps over the lazy dog", base64_decode("2ZKF2RDckw3M++TwLVP8t+AQIU66Rj3mCykTbMwBnOWUpAnM") , true));Result
2IweFAZF3mu13aizUcTjRV450W1LEwISUJnRnOapOUk=
Freemarker
<#assign signature = utils.digest.hmac("HmacSHA256", utils.base64.decode("2ZKF2RDckw3M++TwLVP8t+AQIU66Rj3mCykTbMwBnOWUpAnM"), "the quick brown fox jumps over the lazy dog") />
${signature}Result
w868e7nxYVl+qNTNMg6Zb4rLOh02x0jC5i8LYfkeVuE=
Today we've tried various charsets since the HMAC routines accept charset parameters for the string if the input isn't UTF-8. No luck so far. I'm really not sure what specifically is the problem, but as you can see from my last post we're are getting different results with that key. Unfortunately the unencoded version of that key is a bunch of garble and not nice ascii like our example.
The raw unencoded hex is
0000000 d9 92 85 d9 10 dc 93 0d cc fb e4 f0 2d 53 fc b7 0000010 e0 10 21 4e ba 46 3d e6 0b 29 13 6c cc 01 9c e5 0000020 94 a4 09 cc 0000024
Any ideas how I can get this back into Freemarker as a UTF-8 string? And don't say base 64 encode it :)
