i'm about to struggle with calculating a sha256 signature with the same result as <openssl dgst -sha256 -hmac> does calculate. this subject already was discussed in question. inspired by this content i wrote the small perl script in order to understand different implementations of sha256 hmac calculations.
use strict;
use warnings;
use Digest::SHA qw(sha256 hmac_sha256_hex hmac_sha256_base64);
use Digest::HMAC qw(hmac_hex);
my $msg = 'Value-corresponding_to_openssls_EVP_MD structure';
my $key = 'fq6if8aaxLTw0EHRAEkyvCbfa5O9BclbCCB6mtVsWO14KtyIdzIakzzlFGttMaw0';
my ($p1Sig, $p2Sig, $p3Sig, $odSig, $omSig);
my $DgstCmd = "echo "$msg" | openssl dgst -sha256 -hmac "$key"";
$p1Sig = hmac_sha256_hex($msg, $key);
$p2Sig = hmac_hex($msg, $key, &sha256);
$p3Sig = hmac_sha256_base64($msg, $key);
$odSig = $DgstCmd
;
$odSig =~ /= (\w*)/;
print "message\t<$msg>\nkey\t<$key>\nsignatures:\n openssl = <$1>\n perlSHA = <$p1Sig>\n perlHMAC = <$p2Sig>\n perlSHAbase = <$p3Sig>\n";
system ("openssl version");
the result is not as expected (run on win10):
message <Value-corresponding_to_openssls_EVP_MD structure>
key <fq6if8aaxLTw0EHRAEkyvCbfa5O9BclbCCB6mtVsWO14KtyIdzIakzzlFGttMaw0>
signatures:
openssl = <a1a262e3d0393b076b53620d7924b04ae8c6d9c66a1a1aadd6c1b6e2fd27b8d8>
perlSHA = <2782c620c8c799d2c6b77d306cfca9be7dd2820effe66483d6b97dab7ada31f5>
perlHMAC = <2782c620c8c799d2c6b77d306cfca9be7dd2820effe66483d6b97dab7ada31f5>
perlSHAbase = <J4LGIMjHmdLGt30wbPypvn3Sgg7/5mSD1rl9q3raMfU>
OpenSSL 1.1.1g 21 Apr 2020
i so run it on a linux system (SMP PREEMPT Wed Nov 8 11:54:06 CET 2017 x86_64 GNU/Linux):
message <Value-corresponding_to_openssls_EVP_MD structure>
key <fq6if8aaxLTw0EHRAEkyvCbfa5O9BclbCCB6mtVsWO14KtyIdzIakzzlFGttMaw0>
signatures:
openssl = <fadbde9a78101454d987d58ee00f6442f75a9f740202acbf9f1cb6933eeb27bf>
perlSHA = <2782c620c8c799d2c6b77d306cfca9be7dd2820effe66483d6b97dab7ada31f5>
perlSHAbase = <J4LGIMjHmdLGt30wbPypvn3Sgg7/5mSD1rl9q3raMfU>
OpenSSL 1.1.0g 2 Nov 2017
all perl versions show the same result. openssl show different results. most interesting is the fact that different openssl versions show different results.
question 1: what is the reason for different results between openssl versions?
question 2: is there a solution in perl producing same result as openssl dgst -sha256 -hmac
.
have fun