0

Hi,

I'm trying to understand how HMAC Verification works in general (big picture). I want learn and understand how this equation works. Writing the script it a bit hard too. I know that HMAC Verification can prevent people from tampering with variables passed in the URL.

Here is the formula to calculate HMAC:

H(K XOR opad, H(K XOR ipad, text))

Here is a basic script:

<?php

function create_parameters($array){
$data = '';
$ret = array();

foreach ($array as $key => $value) {
$data .= $key . $value;
$ret[] = "$key=$value";
}

$hash = md5($data);
$ret[] = "hash=$hash";
return join ('&amp;', $ret);
}

echo '<a href="script.php?'. create_parameters(array('cause' => 'vars')).'">err!</a>';
?>

The result is:

<a href='script.php?cause=vars&hash=8eee14fe10d3f612589cdef079c025f6'>err!</a>

Running the script is not a problem because I can see how it works (it's kinda cool in a way) but calculating the HMAC, is it bit hard.

I really appreciate if someone explain to me how to this works correctly. Thanks!

2
Contributors
6
Replies
7
Views
5 Years
Discussion Span
Last Post by LastMitch
0

@pritaeas

Thanks for the reply! Thanks for the links. I will read info from the links.

If you want to write your own, you can check the code of the PEAR package.

Yes, I was planning to write my own, something to learn just to play around with. I never heard of the Pear Package but I will download it and see how it looks.

Thanks!

1

For completeness, PEAR consists of a whole lot of modules/packages, each with a specific purpose, a framework so to speak. HMAC is just one of them.

Votes + Comments
Thanks for the explanation & link!
0

@pritaeas

Thanks for the links and explanations! My old text books doesn't mention anything about Pear Package so I'm pretty out of date with the new materials. I download the the Pear package. I will test it out. If I have any questions on how the Pear Package works. I will post another thread to describe the code that I'm having issue with. Thanks again, I appreciate that you help!

0

@pritaeas

Yes, you're right, I'm confuse with PEAR with PECL. I think I was learning PECL. My first year in college I learn C/C++. So my second year I learn PECL I start to compile on UNIX and LINUX in the computer center. It's actually in my textbook (workbook), I had to read the index and find that word PEAR. It's only appear once. It's like a 1/4 of a paper or 1 paragraphs to describe what PEAR is. PECL also appear in the workbook too. Same as UNIX and LINUX, it's a separate workbook from PHP, but it contains shortscut and keys to press to compile. I don't remember, it's a long time, things are different now compare 11 or 13 years ago. I think you have more experience than I am so it's much easier for you to understand it. Thanks again for the links and I appreciate your help!

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.