Skip to content

Instantly share code, notes, and snippets.

@vzool

vzool/hash_hmac_receiver.php

Forked from samarpanda/hash_hmac_receiver.php
Created November 28, 2017 09:42
Show Gist options
  • Save vzool/efd71ce730f54d590d34fd1701b7da12 to your computer and use it in GitHub Desktop.
Save vzool/efd71ce730f54d590d34fd1701b7da12 to your computer and use it in GitHub Desktop.
Download ZIP
Adding content verification using hmac in php
Raw
hash_hmac_receiver.php
<?php
function get_private_key_for_public_key($public_key) {
// extract private key from database or cache store
return 'private_key_user_id_9999';
}
// Data submitted
$data = $_GET['data'];
$data = json_decode(stripslashes($data), TRUE);
// User hit the end point API with $data, $signature and $public_key
$message = $data['data'];
$received_signature = $data['sig'];
$private_key = get_private_key_for_public_key($data['pubKey']);
$computed_signature = base64_encode(hash_hmac('sha1', $message, $private_key, TRUE));
if($computed_signature == $received_signature) {
echo "Content Signature Verified";
}else {
echo "Invalid Content Verification Signature";
}
?>
Raw
hmac-send.php
<?php
const $SUBMIT_URL = "http://mysite.com/hmac-receiver.php?data=";
//User public & private keys
$private_key = "";
$public_key = "";
//Data to be submitted
$data = "";
//Generate content verification signature
$sig = base64_encode(hash_hmac('sha1', $data, $private_key, TRUE));
//Prepare json data to be submitted
$json_data = json_encode(array('data'=>$data, 'sig'=>$sig, 'pubKey'=>$public_key));
//Submit to api
submit_to_api($SUBMIT_URL.urlencode($json_data));
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment