Question

Busy with an interface between a business application and a PHP web app. The business application will send a products file to the server, which will be uploaded a few times a day. I want to append a unique key to the URL that the web app first checks before doing anything. So the business application and web app must use the same algorithm to generate a simple key. Any ideas?

e.g.

www.phpwebapp/uploads/products/&file='C:/products.csv'&key='Abg1h35'


EDIT

Both apps need to produce the same key, hence I need a simple algorithm, even if it's just based on the current day.

e.g.

date() + SALT = 'key';

Something a bit better than that.


Solution

Sounds to me like you want something like request signing:

  1. generate a random secret key that you give to the authenticating app (ahead of time, shared secret)
  2. require that the authenticating app sends its current date as part of the request
  3. require that the authenticating app creates a hash of a concatenation of

    • the date sent in 2.
    • any other unique data that's part of the request
    • the secret key

    This will form your "unique key". Since you're looking at a message authentication code, you'll want an HMAC hash. E.g.:

    code = HMAC(date + data, secret key)
    
  4. verify that the date is within a certain tolerance, e.g. ±15 minutes

  5. repeat the same hashing algorithm
  6. compare the received hash with your hash

This way you can authenticate each request as being sent by the entity in possession of the secret key without sending the secret key over the wire, and each request has a unique authentication code.
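
The scheme from the answer above, sketched in PHP for both the sending and the receiving side. This is an added example, not code from the original post; the function names, the `date`/`key` field names, the timestamp format and the choice to hash the file body as the "other unique data" are assumptions.

```php
<?php
// Added example: all names and the message layout below are assumptions.
const MAX_SKEW_SECONDS = 900;              // step 4: tolerance of ±15 minutes
const TS_FORMAT = 'Y-m-d\TH:i:s\Z';        // fixed-width UTC timestamp

// The exact string both sides feed to the HMAC. The newline separator keeps
// the two fields unambiguous; the body is represented by its SHA-256 digest.
function canonical_message(string $date, string $fileBody): string
{
    return $date . "\n" . hash('sha256', $fileBody);
}

// Sender (steps 2-3): returns the values to send alongside the upload.
function sign_request(string $secret, string $fileBody, int $now): array
{
    $date = gmdate(TS_FORMAT, $now);
    $code = hash_hmac('sha256', canonical_message($date, $fileBody), $secret);
    return ['date' => $date, 'key' => $code];
}

// Receiver (steps 4-6): true only for a fresh request signed with $secret.
function verify_request(string $secret, string $fileBody, string $date, string $key, int $now): bool
{
    // Strict parse: any other format or trailing data is rejected.
    $sent = DateTimeImmutable::createFromFormat(TS_FORMAT, $date, new DateTimeZone('UTC'));
    if ($sent === false || abs($now - $sent->getTimestamp()) > MAX_SKEW_SECONDS) {
        return false;
    }
    $expected = hash_hmac('sha256', canonical_message($date, $fileBody), $secret);
    return hash_equals($expected, $key);   // constant-time comparison
}

// Constructed sample data. In practice the secret from step 1 would come
// from random_bytes() and be stored outside the code.
$secret = 'constructed-demo-secret';
$csv    = "sku,price\nA100,9.99\n";
$now    = 1700000000;

$req = sign_request($secret, $csv, $now);

// Same body, same time: accepted.
var_dump(verify_request($secret, $csv, $req['date'], $req['key'], $now));
// Body altered after signing: rejected.
var_dump(verify_request($secret, $csv . "B200,0.01\n", $req['date'], $req['key'], $now));
// Same request presented an hour later: rejected by the date check.
var_dump(verify_request($secret, $csv, $req['date'], $req['key'], $now + 3600));
```

Within the tolerance window an identical signed request still verifies a second time; a receiver that needs to reject such repeats can remember the codes it has accepted until they age out of the window.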

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow