Home  >  Article  >  Backend Development  >  Create signature from Hash_hmac() and Sha256 in PHP

Create signature from Hash_hmac() and Sha256 in PHP

王林
王林forward
2024-02-29 14:34:24720browse

In PHP, it is a common security practice to use the Hash_hmac() function in conjunction with the Sha256 algorithm to create signatures. This method can help verify the integrity and authenticity of data during data transmission and prevent data from being tampered with or forged. By combining Hash_hmac() and Sha256, a secure key-based hash can be generated, ensuring secure transmission and processing of data. In this article, we’ll take a deep dive into how to use Hash_hmac() and Sha256 in PHP to create signatures, and how to apply this approach to enhance data security.

We'll show you how to use the hash_hmac and sha256 ciphers to create a secure signature that you can store in a database or Use in your login form.


hash_hmac() function in php

hash_hmac() Creates an alphanumeric keyed secret hash. It utilizes a cryptographic authentication technology called the HMAC method.

grammar:

hash_hmac($alGo, $data, $key, $binary = false);
  1. $algo is one of the hash_hmac parameters and is used as the signature secret keyed hash (String).
  2. $data, a hash value (usually the user's password). It can be alphanumeric.
  3. $key is generated from the HMAC method, which is the key you get from the function, and for other programming uses.
  4. The last parameter $binary is the binary value.

It returns raw data when TRUE and throws lowercase hexadecimal when FALSE.


Using hash_hmac() and sha256

in PHP

example:

<?php
//sha256 is a $algo
$PassWord= &#39;ThisIS123PasswORD&#39; ; //data
$secret ="ABCabc"; //$key
//false is bool value to check whether the method works or not
$hash_it = hash_hmac("sha256", utf8_encode($Password), $secret, false);//all four parameters
if(!$hash_it){ //checks true or false
	echo "Password was not encrypted!";
}
echo "Your encrypted signature is:<b> &#39;.$hash_it.&#39; </b>";
?>

Output:

Your encrypted signature is: &#39;.46e9757dc98f478c28f035cfa871dbd19b5a2bf8273225191bcca78801304813

Use hash_hmac() and base64_encode()

If you want your cryptographic signatures to be more secure, you can also execute the following code snippet.

example:

<?php
$my_sign = "abc123";
$key = TRUE;
 $base64_encode = base64_encode(hash_hmac(&#39;sha256&#39;, $my_sign, $key, true));
if(!$base64_encode){
echo "Your signature with the base64_decode(hash_hmac()); failed";
}
else{
echo "Your base64_decode(hash_hmac()); encrypted signature is is:<b> $base64_encode.&#39; </b>";
}
?>

Output:

Your base64_decode(hash_hmac()); encrypted signature is is: &#39;.00g0QMQlnluXxijqot60WZf6InDi07b/Mb5lL7eVZ34

Use hash_hmac() and sha256 in PHP and apply hex2bin/bin2hex transformation

  • hex2bin() - This function decodes a binary string that has been encoded in hexadecimal.
  • bin2hex() - Convert an ASCII string to a hexadecimal value using the bin2hex() method.

Let's say you have critical financial data that you want to encrypt and create a key for the user.

example:

<?php
$createhashmackey = "2974924872949278487322348237749823";
$bank_acc = "029480247299262947328749287";
$current_bal = $sum * 10000 / 450;
$bank_locker_no = &#39;AC54-A76X&#39;;
$last_deposit= $when;
$se = hex2bi&#110;($createhashmackey);
$create_his_signature = $bank_acc . $current_bal. $bank_locker_no . $last_deposit;
$enigma = bin2he&#120;(hash_hmac(&#39;sha256&#39;, $create_his_signature, $se));
echo "The secret signature is.$enigma.";

Output:

The secret signature is.33633066323533383537663538323937373536393764396530343661663336666438636435363631383934363864383966316133633433633965343234336233.

This is the output for all code examples in this article.

在 PHP 中从 Hash_hmac() 和 Sha256 创建签名

The above is the detailed content of Create signature from Hash_hmac() and Sha256 in PHP. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:lsjlt.com. If there is any infringement, please contact admin@php.cn delete