Hi,
I'm trying to understand how HMAC Verification works in general (big picture). I want to learn and understand how this equation works. Writing the script is a bit hard too. I know that HMAC Verification can prevent people from tampering with variables passed in the URL.
Here is the formula to calculate HMAC:
H(K XOR opad, H(K XOR ipad, text))
Here is a basic script:
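<?php
function create_parameters($array){
    $data = '';
    $ret = array();
    foreach ($array as $key => $value) {
        // Concatenate every key and value into one string to be hashed
        $data .= $key . $value;
        // Collect the key=value pairs for the query string
        $ret[] = "$key=$value";
    }
    // Plain MD5 digest of the concatenated data (no secret key is involved)
    $hash = md5($data);
    $ret[] = "hash=$hash";
    return join ('&', $ret);
}
echo '<a href="script.php?'. create_parameters(array('cause' => 'vars')).'">err!</a>';
?>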
The result is:
<a href='script.php?cause=vars&hash=8eee14fe10d3f612589cdef079c025f6'>err!</a>
Running the script is not a problem because I can see how it works (it's kinda cool in a way), but calculating the HMAC is a bit hard.
I would really appreciate it if someone could explain to me how this works correctly. Thanks!
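
The formula quoted in the post, worked through in PHP as an added example that is not part of the original post: hmac_manual() builds HMAC-SHA256 step by step and is compared against PHP's built-in hash_hmac(), then the same MAC signs and verifies URL parameters. Unlike the md5() call in the posted script, this uses a secret key that only the server knows; the key value, the function names and the choice of SHA-256 are assumptions made for the example.

```php
<?php
// Added example: HMAC-SHA256 built from H(K XOR opad, H(K XOR ipad, text)),
// where "," means concatenation. The key below is a constructed sample.

function hmac_manual(string $key, string $text): string {
    $block = 64;                                   // SHA-256 block size in bytes
    if (strlen($key) > $block) {
        $key = hash('sha256', $key, true);         // over-long keys are hashed first
    }
    $key  = str_pad($key, $block, "\0");           // then zero-padded to one block
    $ipad = str_repeat("\x36", $block);
    $opad = str_repeat("\x5c", $block);
    $inner = hash('sha256', ($key ^ $ipad) . $text, true);   // H(K XOR ipad, text)
    return hash('sha256', ($key ^ $opad) . $inner);          // H(K XOR opad, inner)
}

// Sort the parameters so signer and verifier hash exactly the same string.
function canonical(array $params): string {
    ksort($params);
    return http_build_query($params);
}

function sign_parameters(array $params, string $key): string {
    $query = canonical($params);
    return $query . '&hash=' . hash_hmac('sha256', $query, $key);
}

function verify_query(string $query, string $key): bool {
    parse_str($query, $params);
    if (!isset($params['hash']) || !is_string($params['hash'])) {
        return false;                              // missing or malformed MAC
    }
    $given = $params['hash'];
    unset($params['hash']);
    $expected = hash_hmac('sha256', canonical($params), $key);
    return hash_equals($expected, $given);         // constant-time comparison
}

$key = 'constructed-sample-key';                   // server-side secret, never placed in the URL

// The hand-built HMAC should match PHP's built-in implementation.
var_dump(hmac_manual($key, 'cause=vars') === hash_hmac('sha256', 'cause=vars', $key));

$signed = sign_parameters(['cause' => 'vars'], $key);
var_dump(verify_query($signed, $key));             // untouched link
var_dump(verify_query(str_replace('cause=vars', 'cause=evil', $signed), $key)); // edited link
```

Someone who edits a parameter cannot recompute a matching hash without the key, so the edited link fails verification.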