Topics   All   MacOS (Only)   Windows (Only)   Linux (Only, Not)   iOS (Only, Not)  
Components   Crossplatform Mac & Win   Server   Client   Old   Deprecated   Guides   Examples   Videos
New in version: 11.2   11.3   11.4   11.5   12.0   12.1   12.2   12.3   12.4   12.5    Statistic    FMM    Blog  


Returns the a SHA256 HMAC based on the key and the data string.

Component Version macOS Windows Linux Server iOS SDK
Hash 3.1 ✅ Yes ✅ Yes ✅ Yes ✅ Yes ✅ Yes
MBS( "Hash.SHA256.HMAC"; key; data { ; Flags } )   More


Parameter Description Example Flags
key The key text to use. "Hello"
data The data text to use. "World"
Flags Various flags you can combine by addition.
Pass 1 for getting result Base64 encoded instead of Hex encoded.
Pass 2 if key is Hex encoded and plugin should decode it first.
Pass 4 if data is hex encoded and plugin should decode it first.
Pass 8 for base64URL encoding. (new in v10.3)
0 Optional


Returns the hash string.


Returns the a SHA256 HMAC based on the key and the data string.
Keyed-Hash Message Authentication Code is a way to add salt to a hash for more security.
By default we return the hash as hex encoded string.

Please be aware that text can result in different hashes if it contains line endings. You may want to make sure that line endings are right with the Text.ReplaceNewline function before you compare hashes to results in other development tools. FileMaker uses Mac line endings by default and most examples for Javascript use Unix line endings.

Can be used to sign requests for Amazon MWS.


Hash empty string

MBS( "Hash.SHA256.HMAC"; ""; "" )

Example result: B613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD

Hash a test string

MBS( "Hash.SHA256.HMAC"; "key"; "The quick brown fox jumps over the lazy dog")

Example result: F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8

Hash with flags:

MBS( "Hash.SHA256.HMAC"; "6B6579"; "54686520717569636B2062726F776E20666F78206A756D7073206F76657220746865206C617A7920646F67"; 2+4)

Example result: F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8

FileMaker 16 vs. Plugin:

# MBS Plugin:
MBS( "Hash.SHA256.HMAC"; "Key"; "Data")
# Same via FileMaker 16 native:
HexEncode( CryptAuthCode ( "Data" ; "SHA256" ; "Key" ))

Calculate Amazon AWS Signature for canonical query:

Set Variable [ $Verb ; Value: "POST" ]
Set Variable [ $Domain ; Value: "" ]
Set Variable [ $Path ; Value: "/Orders/2013-09-01" ]
Set Variable [ $QueryString ; Value: "AWSAccessKeyId=AKIAJVZ5JFVD2SERTQIA&Action=GetOrder&AmazonOrderId.Id.1=112-4707920-3733828&SellerId=A1DGCWQ1HE6UN1&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2018-01-24T22%3A34%3A24Z&Version=2013-09-01" ]
Set Variable [ $SecretKey ; Value: "1234567890" ]
Set Variable [ $Signature ; Value: MBS( "Hash.SHA256.HMAC"; $SecretKey; $Verb & Char(10) & $Domain & Char(10) & $Path & Char(10) & $QueryString; 1 ) ]
Show Custom Dialog [ "AWS Signature" ; $signature ]

Example result: “hTX0IGOH+lWyaqZBf513TcB6Mk3U/hidyQvJASsn7aE="

Calculate a JSON Web Token (JWT) in FileMaker:

// Header: {\"alg\":\"HS256\",\"typ\":\"JWT\"}
// Payload: {"iss":"","exp":1300819380,"name":"Chris Sevilleja","admin":true}

// expected result: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dnZWRJbkFzIjoiYWRtaW4iLCJpYXQiOjE0MjI3Nzk2Mzh9.gzSraSYS8EXBxLN_oWnFSRgCzcmJmMjLiuyu5CSpyHI

Let ( [
secret = "secretkey";
header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
payload = "{\"loggedInAs\":\"admin\",\"iat\":1422779638}";
encodedString = MBS( "Text.EncodeToBase64URL"; header; "UTF-8") & "." & MBS( "Text.EncodeToBase64URL"; payload; "UTF-8");
// calculate hash
hash = MBS( "Hash.SHA256.HMAC"; secret; encodedString; 1+8 );
// and built final result:
result = encodedString & "." & hash
]; result )

Calculate the signature for AWS Signature Version 4:

// see
Let ( [
Region = "us-east-1";
Service= "iam";
Signing= "aws4_request";

kDate = MBS( "Hash.SHA256.HMAC"; "AWS4" & kSecret ; date);
kRegion = MBS( "Hash.SHA256.HMAC”; kDate ; Region; 2);
kService = MBS( "Hash.SHA256.HMAC”; kRegion ; Service; 2);
kSigning = MBS( "Hash.SHA256.HMAC”; kService ; Signing; 2)

]; Lower (kSigning))

Example result: c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9

See also

Release notes

Blog Entries

Created 18th August 2014, last changed 10th December 2021

Hash.SHA256 - Hash.SHA512

Feedback: Report problem or ask question.

Start Chat