Use [`hash_hmac`][1]:

    $sig = hash_hmac(&#39;sha256&#39;, $string, $secret)

Where `$secret` is your key.

[1]:http://dk2.php.net/manual/en/function.hash-hmac.php

The [**`hash_hmac()`**][1] function could help, here :

&gt; Generate a keyed hash value using the
&gt; HMAC method

&lt;br&gt;
For example, the following portion of code :

    $hash = hash_hmac(&#39;sha256&#39;, &#39;hello, world!&#39;, &#39;mykey&#39;);
    var_dump($hash);

Gives the following output :

    string &#39;07a932dd17adc59b49561f33980ec5254688a41f133b8a26e76c611073ade89b&#39; (length=64)


&lt;br&gt;
And, to get the list of hashing algorithms that can be used, see [**`hash_algos()`**][2].


  [1]: http://php.net/manual/en/function.hash-hmac.php
  [2]: http://php.net/manual/en/function.hash-algos.php

Here is an example of **datatrans transaction signing** (swiss e-payment solution) before call PSP with **HMAC-SHA-256**.

Hope it could help some developers.

    $hmacKey    = 30911337928580013;
    
    $merchantId = 1100004624;
    $amount     = $total * 100;
    $currency   = &#39;EUR&#39;;
    $refno      = $orderId;
    
    // HMAC Hex to byte
    $secret     = hex2bin(&quot;$hmacKey&quot;);
        
    // Concat infos
    $string     = $merchantId . $amount. $currency . $refno;
        
    // generate SIGN
    $sign       = bin2hex(hash_hmac(&#39;sha256&#39;, $string, $secret)); 

*Note: the merchant ID and HMAC key are both from Datatrans documentation available here : https://admin.sandbox.datatrans.com/showcase/doc/Technical_Implementation_Guide.pdf*

I can&#39;t answer due to lack of reputation, but @Melomans way in combination with ZPiDER&#39;s answer leads to using only
```
$hash       = hash_hmac(&#39;sha256&#39;, $string, $secret);
```
for a correct Datatrans signing

okay to sign your data with hash_hmach 
all you need is to do the following 
1. get your secret key
2. choose a cipher mode or method example sha1,sha256, etc
3. create a variable that will hold your encrypted data call it whatever you like 
Therefore the code will look like this

 

&lt;!-- begin snippet: js hide: false console: true babel: false --&gt;

&lt;!-- language: lang-html --&gt;

    $signData= hash_hmac(&quot;sha256&quot;,$dataToBeSigned,$yourSecretKey);

&lt;!-- end snippet --&gt;



The following statements give the same result (one is using `on`, and the other using `where`):

    mysql&gt; select * from gifts INNER JOIN sentGifts ON gifts.giftID = sentGifts.giftID;
    mysql&gt; select * from gifts INNER JOIN sentGifts WHERE gifts.giftID = sentGifts.giftID;

I can only see in a case of a Left Outer Join finding the &quot;unmatched&quot; cases:  
(to find out the gifts that were never sent by anybody)

    mysql&gt; select name from gifts LEFT OUTER JOIN sentgifts 
               ON gifts.giftID = sentgifts.giftID 
               WHERE sentgifts.giftID IS NULL;

In this case, it is first using `on`, and then `where`.  Does the `on` first do the matching, and then `where` does the &quot;secondary&quot; filtering?  Or is there a more general rule of using `on` versus `where`?   Thanks.



In SQL / MySQL, what is the difference between &quot;ON&quot; and &quot;WHERE&quot; in a join statement?

In the UISearchBar control, is the a way to change the Search key title for the keyboard to Done?

Change UISearchBar/Keyboard Search Button Title

Is there any way to create a HmacSHA256 signature of a string in php?

PHP: How can I generate a HmacSHA256 signature of a string

<p>Is there any way to create a HmacSHA256 signature of a string in php?</p>


I really haven&#39;t found normal example of PHP file where MySQL transactions are being used. Can you show me simple example of that? 

And one more question. I&#39;ve already done a lot of programming and didn&#39;t use transactions. Can I put a PHP function or something in `header.php` that if one `mysql_query` fails, then the others fail too?


---

I think I have figured it out, is it right?:

    mysql_query(&quot;SET AUTOCOMMIT=0&quot;);
    mysql_query(&quot;START TRANSACTION&quot;);
    
    $a1 = mysql_query(&quot;INSERT INTO rarara (l_id) VALUES(&#39;1&#39;)&quot;);
    $a2 = mysql_query(&quot;INSERT INTO rarara (l_id) VALUES(&#39;2&#39;)&quot;);
    
    if ($a1 and $a2) {
    	mysql_query(&quot;COMMIT&quot;);
    } else {    	
    	mysql_query(&quot;ROLLBACK&quot;);
    }

PHP + MySQL transactions examples

Well, the following returns what date was 5 days ago:

    $days_ago = date(&#39;Y-m-d&#39;, mktime(0, 0, 0, date(&quot;m&quot;) , date(&quot;d&quot;) - 5, date(&quot;Y&quot;)));

But, how do I find what was 5 days ago from **any date**, not just today?

For example: What was 5 days prior to 2008-12-02?

How to find out what the date was 5 days ago?

While going through a [Zend tutorial][1], I came across the following statement:

&gt; Note that the php_flag settings in .htaccess only work if you are using mod_php.

Can someone explain what that means?

  [1]: http://akrabat.com/wp-content/uploads/getting-started-with-the-zend-framework_122.pdf

What is mod_php?

In Magento, how can I get active store information, like store name, line number, etc?

How to get store information in Magento?

I can&#39;t seem to get any consistent info on this. Different sources appear to say different things and the venerable php.net itself (*appears*) not to explicitly state this - although, I must admit, I only had a quick look.

In cases where I am passing around &#39;heavy&#39; objects, I need to pass by reference, but I don&#39;t want to keep typing:

    function foo(TypeName&amp; $obj)

if I can get away with simply

    function foo(TypeName $obj)

So what does the standard say?


Are PHP5 objects passed by reference?

I&#39;m looking at implementing an app getting [Twitter authorization via Oauth][1] in Java. The first step is [getting a request token][2]. Here is a [Python example][3] for app engine. 

To test my code, I am running Python and checking output with Java. Here is an example of Python generating a Hash-Based Message Authentication Code (HMAC):

    #!/usr/bin/python

    from hashlib import sha1
    from hmac import new as hmac

    key = &quot;qnscAdgRlkIhAUPY44oiexBKtQbGY0orf7OV1I50&quot;
    message = &quot;foo&quot;

    print &quot;%s&quot; % hmac(key, message, sha1).digest().encode(&#39;base64&#39;)[:-1]

Output:

    $ ./foo.py
    +3h2gpjf4xcynjCGU5lbdMBwGOc=

How does one replicate this example in Java?

I&#39;ve seen an [example of HMAC][4] in Java:

    try {
        // Generate a key for the HMAC-MD5 keyed-hashing algorithm; see RFC 2104
        // In practice, you would save this key.
        KeyGenerator keyGen = KeyGenerator.getInstance(&quot;HmacMD5&quot;);
        SecretKey key = keyGen.generateKey();
    
        // Create a MAC object using HMAC-MD5 and initialize with key
        Mac mac = Mac.getInstance(key.getAlgorithm());
        mac.init(key);
    
        String str = &quot;This message will be digested&quot;;
    
        // Encode the string into bytes using utf-8 and digest it
        byte[] utf8 = str.getBytes(&quot;UTF8&quot;);
        byte[] digest = mac.doFinal(utf8);
    
        // If desired, convert the digest into a string
        String digestB64 = new sun.misc.BASE64Encoder().encode(digest);
    } catch (InvalidKeyException e) {
    } catch (NoSuchAlgorithmException e) {
    } catch (UnsupportedEncodingException e) {
    }

It uses [javax.crypto.Mac][5], all good. However, the [SecretKey][6] constructors take bytes and an algorithm. 

What&#39;s the algorithm in the Python example? How can one create a Java secret key without an algorithm?

  [1]: http://apiwiki.twitter.com/Authentication
  [2]: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-request_token
  [3]: http://github.com/tav/tweetapp/blob/master/standalone/twitter_oauth_handler.py
  [4]: http://exampledepot.8waytrips.com/egs/javax.crypto/GenMac.html
  [5]: http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/javax/crypto/Mac.html
  [6]: http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/javax/crypto/SecretKey.html

How to generate an HMAC in Java equivalent to a Python example?

My understanding of a message digest is that it&#39;s an encrypted hash of some data sent along with the encrypted data so you may verify that the data has not been tampered with. What is the difference then between this and message authentication codes (MAC) and hash MACs (HMAC)?

What&#39;s the difference between Message Digest, Message Authentication Code, and HMAC?

I am trying to make use of a REST API using C#. The API creator has provided sample libraries in PHP, Ruby and Java. I am getting hung up on one part of it where I need to generate an [`HMAC`][1].

Here&#39;s how it is done in the sample libraries they have provided.

**PHP**   

    hash_hmac(&#39;sha1&#39;, $signatureString, $secretKey, false);

**Ruby**  

    digest = OpenSSL::Digest::Digest.new(&#39;sha1&#39;)
    return OpenSSL::HMAC.hexdigest(digest, secretKey, signatureString)

**Java**

    SecretKeySpec signingKey = new SecretKeySpec(secretKey.getBytes(), HMAC_SHA1_ALGORITHM);

    Mac mac = null;
    mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
    mac.init(signingKey);

    byte[] bytes = mac.doFinal(signatureString.getBytes());

    String form = &quot;&quot;;
    for (int i = 0; i &lt; bytes.length; i++)
    {
        String str = Integer.toHexString(((int)bytes[i]) &amp; 0xff);
        if (str.length() == 1)
        {
            str = &quot;0&quot; + str;
        }

        form = form + str;
    }
    return form;

**Here&#39;s my attempt in C#. &lt;strike&gt;It is not working.&lt;/strike&gt; UPDATE:** The C# example below works just fine. I found out that the real problem was due to some cross-platform differences in newline characters in my `signatureString`.

    var enc = Encoding.ASCII;
    HMACSHA1 hmac = new HMACSHA1(enc.GetBytes(secretKey));
    hmac.Initialize();

    byte[] buffer = enc.GetBytes(signatureString);
    return BitConverter.ToString(hmac.ComputeHash(buffer)).Replace(&quot;-&quot;, &quot;&quot;).ToLower();

  [1]: http://en.wikipedia.org/wiki/HMAC


How to generate HMAC-SHA1 in C#?

I&#39;m hashing some values using HMAC-SHA1, using the following code in Java:

    public static String hmacSha1(String value, String key) {
		try {
			// Get an hmac_sha1 key from the raw key bytes
			byte[] keyBytes = key.getBytes();			
			SecretKeySpec signingKey = new SecretKeySpec(keyBytes, &quot;HmacSHA1&quot;);
			 
			// Get an hmac_sha1 Mac instance and initialize with the signing key
			Mac mac = Mac.getInstance(&quot;HmacSHA1&quot;);
			mac.init(signingKey);

			// Compute the hmac on input data bytes
			byte[] rawHmac = mac.doFinal(value.getBytes());
			
			// Convert raw bytes to Hex
			byte[] hexBytes = new Hex().encode(rawHmac);
			
			//  Covert array of Hex bytes to a String
			return new String(hexBytes, &quot;UTF-8&quot;);
		} catch (Exception e) {
			throw new RuntimeException(e);
		}
	}

`Hex()` belongs to `org.apache.commons.codec`

In PHP there&#39;s a similar function `hash_hmac(algorithm, data, key)` that I use to compare the values returned by my Java implementation.

So the first try is:

    hash_hmac(&quot;sha1&quot;, &quot;helloworld&quot;, &quot;mykey&quot;) // PHP

that returns: `74ae5a4a3d9996d5918defc2c3d475471bbf59ac`

My Java function returns `74ae5a4a3d9996d5918defc2c3d475471bbf59ac` as well.

Ok, it seems working. Then I try to use a more complex key:

    hash_hmac(&quot;sha1&quot;, &quot;helloworld&quot;, &quot;PRIE7$oG2uS-Yf17kEnUEpi5hvW/#AFo&quot;) // PHP

that returns: `e98bcc5c5be6f11dc582ae55f520d1ec4ae29f7a`

While this time my Java impl returns: `c19fccf57c613f1868dd22d586f9571cf6412cd0`


The hash returned by my PHP code is not equal to the value returned by my Java function, and I can&#39;t find out why.

Any tips?

HMAC-SHA1: How to do it properly in Java?

I am trying to create a signature using the HMAC-SHA256 algorithm and this is my code.
I am using US ASCII encoding.

    final Charset asciiCs = Charset.forName(&quot;US-ASCII&quot;);
    final Mac sha256_HMAC = Mac.getInstance(&quot;HmacSHA256&quot;);
    final SecretKeySpec secret_key = new javax.crypto.spec.SecretKeySpec(asciiCs.encode(&quot;key&quot;).array(), &quot;HmacSHA256&quot;);
    sha256_HMAC.init(secret_key);
    final byte[] mac_data = sha256_HMAC.doFinal(asciiCs.encode(&quot;The quick brown fox jumps over the lazy dog&quot;).array());
    String result = &quot;&quot;;
    for (final byte element : mac_data)
    {
        result += Integer.toString((element &amp; 0xff) + 0x100, 16).substring(1);
    }
    System.out.println(&quot;Result:[&quot; + result + &quot;]&quot;);

The result that I am getting from the above code is:

    f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8

This is same as to that of shown in the wiki

    HMAC_SHA256(&quot;key&quot;, &quot;The quick brown fox jumps over the lazy dog&quot;) = 0x f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8

_except_ for the `0x`.

I am looking for ideas/comments if I am doing everything right or may be I can improve my code.

Content Type	Original Author	Original Content on Stackoverflow
Question	tarnfeld	View Question on Stackoverflow
Solution 1 - Php	Sebastian Paaske Tørholm	View Answer on Stackoverflow
Solution 2 - Php	Pascal MARTIN	View Answer on Stackoverflow
Solution 3 - Php	Meloman	View Answer on Stackoverflow
Solution 4 - Php	3tl4m	View Answer on Stackoverflow
Solution 5 - Php	RAMIN HAMZA	View Answer on Stackoverflow

PHP: How can I generate a HmacSHA256 signature of a string

Php Problem Overview

Php Solutions

Solution 1 - Php

Solution 2 - Php

Solution 3 - Php

Solution 4 - Php

Solution 5 - Php

Change UISearchBar/Keyboard Search Button Title

In SQL / MySQL, what is the difference between "ON" and "WHERE" in a join statement?

Attributions