C# equivalent to hash_hmac in PHP

c# hmac sha512
Philippe picture Philippe · Oct 9, 2012 · Viewed 25.8k times · Source

using .NET and C# i need to provide an integrity string using HMAC SHA512 to a PHP server . Using in C# :

Encoding encoding = Encoding.UTF8;
byte[] keyByte = encoding.GetBytes(key);
HMACSHA512 hmacsha512 = new HMACSHA512(keyByte);
byte[] messageBytes = encoding.GetBytes(message);
byte[]  hashmessage = hmacsha512.ComputeHash(messageBytes);
return(ByteToString(hashmessage).toUpper());

But it doesn't match with PHP hash_hmac() PHP code :

$hmac = strtoupper(hash_hmac($pbx_hash, $msg, $binKey));

I try to change encoding in C# (utf8, ASCII,Unicode) Without success.

I've tried many solution found on the net but nothing give the same string :(

I can't change the PHP code, and doesn't see what's wrong in C#

Edit This is ByteToString (copied from the comment):

static string ByteToString(byte[] buff)
{
    string sbinary = "";
    for (int i = 0; i < buff.Length; i++)
    {
        sbinary += buff[i].ToString("X2"); /* hex format */
    }
    return (sbinary);
}

After many tets, in found that i get the same results if PHP hash_hmac key is a string, not a byte Array . Seems that the problem is with the PHP convert function $binKey = pack("H*", $keyTest);

Answer

sehe picture sehe · Oct 9, 2012

The problem must be the actual representation of the key/message data.

See the following tests:

PHP

#!/usr/bin/php
<?php
print strtoupper(hash_hmac("sha256", "message", "key"));
?>

Output (live via http://writecodeonline.com/php/):

6E9EF29B75FFFC5B7ABAE527D58FDADB2FE42E7219011976917343065F58ED4A

C#

using System;
using System.Text;
using System.Security.Cryptography;

public class Program
{
    private const string key = "key";
    private const string message = "message";
    private static readonly Encoding encoding = Encoding.UTF8; 

    static void Main(string[] args)
    {
        var keyByte = encoding.GetBytes(key);
        using (var hmacsha256 = new HMACSHA256(keyByte))
        {
            hmacsha256.ComputeHash(encoding.GetBytes(message));

            Console.WriteLine("Result: {0}", ByteToString(hmacsha256.Hash));
        }
    }
    static string ByteToString(byte[] buff)
    {
        string sbinary = "";
        for (int i = 0; i < buff.Length; i++)
            sbinary += buff[i].ToString("X2"); /* hex format */
        return sbinary;
    }    
}

Output (live via http://ideone.com/JdpeL):

Result: 6E9EF29B75FFFC5B7ABAE527D58FDADB2FE42E7219011976917343065F58ED4A

So, check the character set/encoding of the PHP input data. Also check the actual algorithm (in $pbx_hash).

Related questions

Hash value generation using hmac/sha512 in java and c#

in c# public static string HashToString(string message, byte[] key) { byte[] b=new HMACSHA512(key).ComputeHash(Encoding.UTF8.GetBytes(message)); return Convert.ToBase64String(b); } client.DefaultRequestHeaders.Add("X-Hash", hash); var encryptedContent = DataMotion.Security.Encrypt(key, Convert.FromBase64String(iv), …

Read More
How to generate HMAC-SHA1 in C#?

I am trying to make use of a REST API using C#. The API creator has provided sample libraries in PHP, Ruby and Java. I am getting hung up on one part of it where I need to generate an …

Read More
How to implement HMAC Authentication in a RESTful WCF API

We are building a RESTful API using WCF (currently .Net 3.5, but will be moving to .Net 4 soon). We have a functional framework in place, but it is currently unsecured. It will need to be accessible from .Net applications as well …

Read More