CF_HMAC
By
Tim McCarthy
February 25, 2003
1,699 Downloads
13 votes
Implements HMAC, a mechanism for message authentication using hash functions as specified in <U><A href="http://www.ietf.org/rfc/rfc2104.txt" target="_blank">RFC 2104</A></U>. HMAC requires a hash function H and a secret key K and is computed as follows: H(K XOR opad, H(K XOR ipad, data)), where ipad = the byte 0x36 repeated 64 times opad = the byte 0x5c repeated 64 times data = the data to be authenticated Required parameters: data, key Optional parameters: data_format: hex = data is in hexadecimal format (default is ASCII text) key_format: hex = key is in hexadecimal format (default is ASCII text) hash_function: md5, sha1, sha256, or ripemd160 (default is md5) output_bits: truncate output to leftmost bits indicated (default is all) Nested custom tags: md5.cfm, ripemd_160.cfm</A></U>, sha_1.cfm, sha_256.cfm Example syntax: <cf_hmac data="what do ya want for nothing?" key="Jefe"> <cf_hmac data="616263" data_format="hex" key="414243" key_format="hex" hash_function="sha1" output_bits="80"> Output variable: caller.digest Note: This version accepts input in both ASCII text and hexadecimal formats. Previous versions did not accept input in hexadecimal format. On March 6, 2002, NIST announced the approval of <U><A href="http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf" target="_blank">FIPS 198</A></U>, The Keyed-Hash Message Authentication Code (HMAC), which contains the specifications for HMAC. This standard became effective on September 6, 2002.
SUPPORT INFORMATION
Not available
| License: | Freeware |
|---|---|
| Cost: | Free |
| OS: | All |
| File format: | ZIP | 9.8 KB |
Additional extension information
| Author: | Tim McCarthy |
|---|---|
| Author website: | Not available |
| Date published: | February 25, 2003 |
| Approval: | None |
| Browsers: | Internet Explorer ALL | Netscape ALL |
| Compatible Products(s): | ColdFusion 4.5 |
| Encrypted: | No |
Reviews
1-2 of 2 reviews | Show all reviews
walter@whardy.com 10-Feb-11
This function works great for validating with Amazon Web Services with their Access Key/Secret Key:
<cf_hmac data="#DateHeader_you_create#" key="#SecretKey_FromEC2#" hash_function="sha256">
<cfset EncryptedDateHash = ToBase64(BinaryDecode(#digest#, "hex"))>
...then send EncryptedDateHash to Amazon for verification.
Thanks!
DCwebGuy 07-Jan-08
I was looking for something to help me generate a signature for Amazon's Mechanical Turk platform, and this worked like a charm. Thanks a million for putting this together!
