I want to know, is there any way to achieve hash_hmac("sha256", $token, $signkey, true) (php) in classic ASP?
I need it to verificate the signed_request from Facebook https://developers.facebook.com/docs/howtos/login/signed-request/
// Adding the verification of the signed_request below
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); 
if ($sig !== $expected_sig) {
  error_log('Bad Signed JSON signature!');
  return null;
}
I have been using a file I found on an Amazon forum. This is the thread: https://forums.aws.amazon.com/message.jspa?messageID=147377
It uses a .wsc file, which is just a JScript file that defines a object you can use in your ASP code. Like this:
' ### be sure to have sha256.wsc in the same folder as this script
    Dim sha256
    Set sha256 = GetObject( "script:" & Server.MapPath("sha256.wsc") )
    sha256.hexcase = 0
    Dim result
    result = sha256.b64_hmac_sha256( secretkey, stringtosign )
This is a file which was originally used to sign request to the Amazon API. For reasons I don't understand this included this line of code in .wsc file:
d=d.replace ( /\s/g, "\n");
This converts all whitespace characters, including spaces, to '\n'. Hard to believe that spaces need to be converted to "\n". Anyway, I had to comment out this line to make the code work for me! And it does work. I have been using it for a while without problems.
From the sha256.wsc file:
/*
 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
 * in FIPS 180-2
 * Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
 * Distributed under the BSD License
 * See http://pajhome.org.uk/crypt/md5 for details.
 * Adapted into a WSC for use in classic ASP by Daniel O'Malley
 * (based on an SHA-1 example by Erik Oosterwaal)
 * for use with the Amazon Product Advertising API
 */
Direct link to the sha256.wsc file: https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc
I have been unable to find an official download site.
have a look at the microsoft capicom.dll. you can download it here
the reference can be found here
another option is to implement the function with a .net class and make that "com visible" so you can use the .net DLL from classic asp...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With