hash_hmac - sha1 - signed value coming wrong?

Question

$signData = hash_hmac("sha1", 'GET\n1344250030\n/contacts.json', 
              base64_decode($this->api_secret));

$signData = base64_encode($signData);

the value of api_secret is

LPq6ZD2JdyPnBvxf6p6h

the value of result $signData is

ZTYxM2NkYmNhZDJiZDUxZWUwMWIyNGRlZTlmYTc3MDliM2FiY2NhYQ==

but the expected result in $signData is

QbOd8%2BOIzHMKrmEpf4G%2FZFWLAx8%3D

I should use this expected result for url connection.

Where am i doing wrong? help me.

Answer 1

Made a complete java program

package javaapplication1;

import java.net.URLEncoder;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public class JavaApplication1 {

    public static void main(String[] args) {
        try {
            System.out.println(signData("GET\n1344250030\n/contacts.json"));
        } catch (Exception ex) {
            Logger.getLogger(JavaApplication1.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    private static String signData(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(Base64.decodeBase64("LPq6ZD2JdyPnBvxf6p6h"), "HmacSHA1"));
        String sig = new String(Base64.encodeBase64(mac.doFinal(data.getBytes())));
        return URLEncoder.encode(sig, "UTF-8");
    }
}

Noticed the URLEncoder so I added that to the PHP. Also suspect that your URL should be using double quotes as otherwise the \n doesn't work. Which gave this code:

<?php

$signData = hash_hmac("sha1", "GET\n1344250030\n/contacts.json", 
              base64_decode('LPq6ZD2JdyPnBvxf6p6h'), true);
$signData = base64_encode($signData);
echo urlencode($signData);

Both give the same result but not what you expected.

fH%2F0XJpooui3U2nyd%2FCD9YjRVGM%3D

So are you certain your inputs are correct? Both the URL and the secret?