Components All New MacOS Windows Linux iOS
Examples Mac & Win Server Client Guides Statistic FMM Blog Deprecated Old

Hash.SHA256.HMAC

Returns the a SHA256 HMAC based on the key and the data string.

Component Version macOS Windows Linux Server iOS SDK
Hash 3.1 ✅ Yes ✅ Yes ✅ Yes ✅ Yes ✅ Yes
MBS( "Hash.SHA256.HMAC"; key; data { ; Flags } )   More

Parameters

Parameter Description Example Flags
key The key text to use. "Hello"
data The data text to use. "World"
Flags Various flags you can combine by addition.
Pass 1 for getting result Base64 encoded instead of Hex encoded.
Pass 2 if key is Hex encoded and plugin should decode it first.
Pass 4 if data is hex encoded and plugin should decode it first.
Pass 8 for base64URL encoding. (new in v10.3)
0 Optional

Result

Returns the hash string.

Description

Returns the a SHA256 HMAC based on the key and the data string.
Keyed-Hash Message Authentication Code is a way to add salt to a hash for more security.
By default we return the hash as hex encoded string.

Please be aware that text can result in different hashes if it contains line endings. You may want to make sure that line endings are right with the Text.ReplaceNewline function before you compare hashes to results in other development tools. FileMaker uses Mac line endings by default and most examples for Javascript use Unix line endings.

Can be used to sign requests for Amazon MWS.

Examples

Hash empty string

MBS( "Hash.SHA256.HMAC"; ""; "" )

Example result: B613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD

Hash a test string

MBS( "Hash.SHA256.HMAC"; "key"; "The quick brown fox jumps over the lazy dog")

Example result: F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8

Hash with flags:

MBS( "Hash.SHA256.HMAC"; "6B6579"; "54686520717569636B2062726F776E20666F78206A756D7073206F76657220746865206C617A7920646F67"; 2+4)

Example result: F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8

FileMaker 16 vs. Plugin:

# MBS Plugin:
MBS( "Hash.SHA256.HMAC"; "Key"; "Data")
# Same via FileMaker 16 native:
HexEncode( CryptAuthCode ( "Data" ; "SHA256" ; "Key" ))

Calculate Amazon AWS Signature for canonical query:

Set Variable [ $Verb ; Value: "POST" ]
Set Variable [ $Domain ; Value: "mws.amazonservices.com" ]
Set Variable [ $Path ; Value: "/Orders/2013-09-01" ]
Set Variable [ $QueryString ; Value: "AWSAccessKeyId=AKIAJVZ5JFVD2SERTQIA&Action=GetOrder&AmazonOrderId.Id.1=112-4707920-3733828&SellerId=A1DGCWQ1HE6UN1&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2018-01-24T22%3A34%3A24Z&Version=2013-09-01" ]
Set Variable [ $SecretKey ; Value: "1234567890" ]
Set Variable [ $Signature ; Value: MBS( "Hash.SHA256.HMAC"; $SecretKey; $Verb & Char(10) & $Domain & Char(10) & $Path & Char(10) & $QueryString; 1 ) ]
Show Custom Dialog [ "AWS Signature" ; $signature ]

Example result: “hTX0IGOH+lWyaqZBf513TcB6Mk3U/hidyQvJASsn7aE="

Calculate a JSON Web Token (JWT) in FileMaker:

// Header: {\"alg\":\"HS256\",\"typ\":\"JWT\"}
// Payload: {"iss":"scotch.io","exp":1300819380,"name":"Chris Sevilleja","admin":true}

// expected result: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dnZWRJbkFzIjoiYWRtaW4iLCJpYXQiOjE0MjI3Nzk2Mzh9.gzSraSYS8EXBxLN_oWnFSRgCzcmJmMjLiuyu5CSpyHI

Let ( [
secret = "secretkey";
header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
payload = "{\"loggedInAs\":\"admin\",\"iat\":1422779638}";
encodedString = MBS( "Text.EncodeToBase64URL"; header; "UTF-8") & "." & MBS( "Text.EncodeToBase64URL"; payload; "UTF-8");
// calculate hash
hash = MBS( "Hash.SHA256.HMAC"; secret; encodedString; 1+8 );
// and built final result:
result = encodedString & "." & hash
]; result )

Calculate the signature for AWS Signature Version 4:

// see https://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
Let ( [
date="20150830";
Region = "us-east-1";
Service= "iam";
Signing= "aws4_request";

kSecret = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
kDate = MBS( "Hash.SHA256.HMAC"; "AWS4" & kSecret ; date);
kRegion = MBS( "Hash.SHA256.HMAC”; kDate ; Region; 2);
kService = MBS( "Hash.SHA256.HMAC”; kRegion ; Service; 2);
kSigning = MBS( "Hash.SHA256.HMAC”; kService ; Signing; 2)

]; Lower (kSigning))

Example result: c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9

Calculate hash for kaufland API:

Let ( [
method = "POST";
uri = "https://sellerapi.kaufland.com/v2/units/";
body = "";
timestamp = 1411055926;
secretKey = "a7d0cb1da1ddbc86c96ee5fedd341b7d8ebfbb2f5c83cfe0909f4e57f05dd403";
texts = method & Char(10) & uri & Char(10) & body & Char(10) & timestamp;
result = MBS( "Hash.SHA256.HMAC"; secretKey; texts; 0)
]; lower(result) )
// see https://sellerapi.kaufland.com/?page=rest-api#signrequest-php

Example result: da0b65f51c0716c1d3fa658b7eaf710583630a762a98c9af8e9b392bd9df2e2a

See also

Release notes

Blog Entries

This function is free to use.

Created 18th August 2014, last changed 13th October 2023


Hash.SHA256 - Hash.SHA512