Translating JS crypto.createHmac to Crypto.HMAC

Adam_Gerson · December 11, 2020, 10:48pm

I am trying to translate this block in Javascript:

const crypto = require('crypto'),
    shared_key = 'kw4qSnpSwXzgiv5yxYpZZmFEd9QAeiKTQ6OuyMja',
    signing_string = 'licenseSpring\ndate: Tue, 07 Jun 2011 20:51:35 GMT';

let signature = crypto.createHmac('sha256', shared_key).update(signing_string).digest('base64');

console.log(signature);
// UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=

Into Xojo:

Var shared_key as String = "kw4qSnpSwXzgiv5yxYpZZmFEd9QAeiKTQ6OuyMja"
Var signing_string as String =  "licenseSpring\ndate: Tue, 07 Jun 2011 20:51:35 GMT"

Var hash As String
hash = EncodeBase64(Crypto.HMAC(shared_key, signing_string, Crypto.HashAlgorithms.SHA256))
MessageBox(hash)
//Q4BAhsu1Xw3LsBZ+BCLShWQDbmJ2j/eFXzvF9T6n9tU=

I am getting two different hashed strings, but expect they should be the same. Are these algorithms equivalent?

Andrew_Lambert · December 11, 2020, 11:00pm

Edit: Disregard, see next post.

Maybe it should be:

Var shared_key as String = DecodeBase64("kw4qSnpSwXzgiv5yxYpZZmFEd9QAeiKTQ6OuyMja")

?

Andrew_Lambert · December 11, 2020, 11:08pm

Got it.

This:

Var signing_string as String =  "licenseSpring\ndate: Tue, 07 Jun 2011 20:51:35 GMT"

Should be this:

Var signing_string as String =  "licenseSpring" + EndOfLine.UNIX + "date: Tue, 07 Jun 2011 20:51:35 GMT"

Adam_Gerson · December 12, 2020, 12:32am

Thank you! Not sure I would have ever found my way to that!

John_Kelly · December 24, 2022, 6:15pm

@Adam_Gerson, were you able to successfully integrate to LicenseSpring? I am looking into that as a possible solution for licensing desktop apps.

Tim_Parnell · December 24, 2022, 7:11pm

For DRM / licensing of Xojo Desktop applications, I’ve built an end-to-end Xojo code system
No plugins, no black boxes!

TPLM features a drop-in Desktop module for protecting your software and a Xojo Web app that acts as an online licensing server. The Web panel provides hooks to integrate with FastSpring ready to go. The Desktop module offers many standard DRM features such as hardware-locked licensing, verified online activation, and offline licensing.

More information can be found here: TPLM: Xojo DRM - Strawberry Software
I’m also happy to answer any questions! support@strawberrysw.com