Hi,
I have this block but I can't verify it with PHP. I don't understand why, I even tried with '123456' as message, but I have two differents strings, so my PHP returns a 403 code. Don't understand why.
Thanks
In my app :
On my server (in PHP) :
$hash = hash_hmac("sha256", $data, $key_wh, true);
if (base64_encode($hash) != $signature_from_app_inventor) {
http_response_code(403);
exit;
}
EDIT : it's for checking my received information on my server are really sent by my app (if the message is authentic). It's a signature header with an HMAC SHA256 hashed version of the secret and payload content.
TIMAI2
December 2, 2023, 9:21am
2
Not sure why you would do this? The whole point of a hash is to store private information on the server, it should be only there as a hash?
of course not, it's a signature to check passed information with an API and https headers.
I need to check if my hash is the same from the other side (with PHP on my server) to get sure my information is provided by my app.
It's a common thing. But in PHP my hash is not the same from the app.
TIMAI2
December 2, 2023, 9:34am
4
You say the two hashes are not the same, just the hmac hash or when base64 encoded ?
Test just the hmac hashes first...
The two are different.
Here :
Or :
And with PHP :
Got it !! Thanks TIMAI2
Returns a base64 encoded HMAC SHA256 hashApp Inventor Extensions: Tools | Pura Vida Apps
So I just need the HMAC block (not the Base64Encode one because it's already encoded), and for PHP, set "true" for the binaryhttps://www.php.net/manual/en/function.hash-hmac.php
$key = '])6jkSyuawVzJcL6QQ/%7>G,OT~rWX';
$message = '123456';
$hash = hash_hmac("sha256", $message, $key, true);
echo base64_encode($hash);
1 Like
system
December 9, 2023, 9:56am
7
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
