
I'm building an iOS app making use of our own web service but am having some issues when base64 encoding data within iOS and trying to compare it with the same data encoded using PHP base64_encode() function.

iOS side:

#import <CommonCrypto/CommonHMAC.h>  // declares CCHmac and kCCHmacAlgSHA256

/*
 * Generating a hash within an NSData object, which then I try to base64 encode
 *  making use of the Base64 library included with RestKit.
 */
const char *cKey  = [private_key cStringUsingEncoding:NSASCIIStringEncoding];
const char *cData = [password cStringUsingEncoding:NSASCIIStringEncoding];  
unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH];   
CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), cData, strlen(cData), cHMAC);  
NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)];
NSString *myHash = [HMAC base64EncodedString];

PHP Side:

$hash = hash_hmac('sha256',$data,$key);
$encoded_hash = base64_encode($hash);

And the output looks like:

iOS HMAC: <3ae3bbed 508b62aa 9bd8e92e 357e1467 e888cd3d a1ad5aa2 7692db23 5415eb0d>
iOS myHash: OuO77VCLYqqb2OkuNX4UZ+iIzT2hrVqidpLbI1QV6w0=

PHP hash: 3ae3bbed508b62aa9bd8e92e357e1467e888cd3da1ad5aa27692db235415eb0d
PHP encoded_hash: M2FlM2JiZWQ1MDhiNjJhYTliZDhlOTJlMzU3ZTE0NjdlODg4Y2QzZGExYWQ1YWEyNzY5MmRiMjM1NDE1ZWIwZA==

As you can see, when comparing iOS' HMAC and PHP Hash they contain the same characters, but once you base64 encode this, the result is not the same.

1 Answer


Your iOS one is correct.

The PHP one is the string 3ae3bbed508b62aa9bd8e92e357e1467e888cd3da1ad5aa27692db235415eb0d base-64 encoded. i.e. the bit stream being encoded here is those ASCII characters. So the first 3 is 0x33, the a is 0x61, etc. So you're encoding 0x3361... actually. Does that make sense?

For the PHP you want:

$hash = hash_hmac('sha256',$data,$key,true);
$encoded_hash = base64_encode($hash);

That tells hash_hmac to return the raw output rather than a hex string.


3 Comments

Thanks Matt, I understand, but how would you approach it so I can encode that string rather than the ASCII characters? Thanks
What do you mean? I've shown the correct PHP to encode the right thing. You pass true as the 4th parameter to hash_hmac to make the returned value be the actual bytes rather than a hex representation of those bytes. Make sense?
Oh! I missed the PHP code, just seen it now... Sorry about that. It definitely makes sense, I tried it and it works. Thanks! :)
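
Added example, not part of the original question, answer or comments: a PHP sketch that decodes the two Base64 values from the question to show which encoding produced each, then verifies a client MAC on the server against the raw digest with a constant-time comparison. The function names `decode_mac` and `verify_mac` are hypothetical, and the key and message are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decode a Base64 MAC and report which encoding produced it.
// Returns [label, 32-byte digest or null].
function decode_mac(string $b64): array
{
    $bytes = base64_decode($b64, true);          // strict mode rejects non-alphabet input
    if ($bytes === false) {
        return ['invalid base64', null];
    }
    if (strlen($bytes) === 32) {
        return ['raw digest', $bytes];           // Base64 of the HMAC bytes (iOS side)
    }
    if (strlen($bytes) === 64 && ctype_xdigit($bytes)) {
        return ['hex string', hex2bin($bytes)];  // Base64 of hash_hmac()'s default hex output
    }
    return ['unexpected length', null];
}

// Hypothetical server-side check: accept only the raw-digest form.
function verify_mac(string $b64, string $data, string $key): bool
{
    [$kind, $mac] = decode_mac($b64);
    if ($kind !== 'raw digest') {
        return false;
    }
    $expected = hash_hmac('sha256', $data, $key, true);  // 4th argument: raw bytes
    return hash_equals($expected, $mac);                  // constant-time comparison
}

// The two Base64 values posted in the question.
$ios = 'OuO77VCLYqqb2OkuNX4UZ+iIzT2hrVqidpLbI1QV6w0=';
$php = 'M2FlM2JiZWQ1MDhiNjJhYTliZDhlOTJlMzU3ZTE0NjdlODg4Y2QzZGExYWQ1YWEyNzY5MmRiMjM1NDE1ZWIwZA==';
[$kindIos, $rawIos] = decode_mac($ios);
[$kindPhp, $rawPhp] = decode_mac($php);
echo "iOS value decodes to: $kindIos\n";
echo "PHP value decodes to: $kindPhp\n";
echo 'Underlying digests equal: ', var_export($rawIos === $rawPhp, true), "\n";

// Constructed key and message, for illustration only.
$key  = 'example-private-key';
$data = 'example-password';
$good = base64_encode(hash_hmac('sha256', $data, $key, true));
$bad  = base64_encode(hash_hmac('sha256', $data, $key));
echo 'Raw-digest MAC accepted: ', var_export(verify_mac($good, $data, $key), true), "\n";
echo 'Hex-string MAC accepted: ', var_export(verify_mac($bad, $data, $key), true), "\n";
```

Checking the decoded length (32 bytes for SHA-256) before comparing makes an encoding mismatch like the one in the question fail with a clear cause instead of looking like a wrong key.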
