HMAC SHA256 hex digest in javascript

3
votes

I'm trying to write a javascript lib to push events to Pusher.

In the environment I'm using I can't use nodejs, so no require('crypto') ... or at least I do not know of a way of using it outside node.

I'm following the example guide here: http://pusher.com/docs/rest_api; I'm stuck in the part where it says I should generate the HMAC SHA256 hex digest.

I am using this library http://code.google.com/p/crypto-js/#HMAC

So, following the instructions on Pusher i wrote

CryptoJS.HmacSHA256(
  'POST\n/apps/3/channels/project-3/events\nauth_key=278d425bdf160c739803&auth_timestamp=1272044395&auth_version=1.0&body_md5=7b3d404f5cde4a0b9b8fb4789a0098cb&name=foo',
  '7ad3773142a6692b25b8'
);

But that's giving me 20b132baa2aaf44ea1fab814f0788aaa44eed23a2d252c72e4dc2aaea0d6ac24 instead of b3152b2bb5a5b0bae66435a498797aa763e9b74f86cc97c9175424f8308b2f80.

What is bothering me is that I didn't do the "hex digest" part, so maybe that's what I'm missing, but I couldn't find a suitable lib to do this in javascript. Do you spot any errors in what I did? Do you have a library to suggest?

Thanks in advance for any help.

1
javascriptsha256hmac
hex digest just means a hexadecimal cryptographic hash, which it looks like you are getting. not sure what's wrong though...Matt K
Yeah, so maybe it's just an error with the data I'm using, the problem is that I wrote something like this in Java months ago and it worked, with that data, so it's correct.Alberto Zaccagni
hmmm... I would suggest trying a second library to see if you get different results.Matt K
I'm trying it right now, thanks. EDIT: Same results.Alberto Zaccagni
if you try the examples on other libraries do you get the same output they do?Matt K

1 Answers

2
votes

I was struggling with doing the exact same thing. Pusher's documentation should really be clearer about this issue. It turns out it's not the encyption methods. It's the order that you list your parameters. The body of your message has to be exactly formatted like this:

{"data":"{\\"message\\":\\"hello world\\"}","name":"my_event","channel":"test_channel"}

Data has to be first, then message, followed by name and then finally the channel name.

Then when you create your auth signature you have to list your parameters as so:

POST\n/apps/3/events\nauth_key=278d425bdf160c739803&auth_timestamp=1353088179&auth_version=1.0&body_md5=ec365a775a4cd0599faeb73354201b6f

So auth key is first, then the timestamp, followed by the auth version and finally the body md5.

I got it to work once I followed this exact pattern. Hopefully this helps!