| Components | All | New | MacOS | Windows | Linux | iOS | ||||
| Examples | Mac & Win | Server | Client | Guides | Statistic | FMM | Blog | Deprecated | Old | |
Hash.SHA256.HMAC
Returns the a SHA256 HMAC based on the key and the data string.
| Component | Version | macOS | Windows | Linux | Server | iOS SDK |
| Hash | 3.1 | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
Parameters
| Parameter | Description | Example | Flags |
|---|---|---|---|
| key | The key text to use. | "Hello" | |
| data | The data text to use. | "World" | |
| Flags | Various flags you can combine by addition. Pass 1 for getting result Base64 encoded instead of Hex encoded. Pass 2 if key is Hex encoded and plugin should decode it first. Pass 4 if data is hex encoded and plugin should decode it first. Pass 8 for base64URL encoding. (new in v10.3) |
0 | Optional |
Result
Returns the hash string.
Description
Returns the a SHA256 HMAC based on the key and the data string.Keyed-Hash Message Authentication Code is a way to add salt to a hash for more security.
By default we return the hash as hex encoded string.
Please be aware that text can result in different hashes if it contains line endings. You may want to make sure that line endings are right with the Text.ReplaceNewline function before you compare hashes to results in other development tools. FileMaker uses Mac line endings by default and most examples for Javascript use Unix line endings.
Can be used to sign requests for Amazon MWS.
Examples
Hash empty string
MBS( "Hash.SHA256.HMAC"; ""; "" )
Example result: B613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD
Hash a test string
MBS( "Hash.SHA256.HMAC"; "key"; "The quick brown fox jumps over the lazy dog")
Example result: F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8
Hash with flags:
MBS( "Hash.SHA256.HMAC"; "6B6579"; "54686520717569636B2062726F776E20666F78206A756D7073206F76657220746865206C617A7920646F67"; 2+4)
Example result: F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8
FileMaker 16 vs. Plugin:
# MBS Plugin:
MBS( "Hash.SHA256.HMAC"; "Key"; "Data")
# Same via FileMaker 16 native:
HexEncode( CryptAuthCode ( "Data" ; "SHA256" ; "Key" ))
Calculate Amazon AWS Signature for canonical query:
Set Variable [ $Verb ; Value: "POST" ]
Set Variable [ $Domain ; Value: "mws.amazonservices.com" ]
Set Variable [ $Path ; Value: "/Orders/2013-09-01" ]
Set Variable [ $QueryString ; Value: "AWSAccessKeyId=AKIAJVZ5JFVD2SERTQIA&Action=GetOrder&AmazonOrderId.Id.1=112-4707920-3733828&SellerId=A1DGCWQ1HE6UN1&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2018-01-24T22%3A34%3A24Z&Version=2013-09-01" ]
Set Variable [ $SecretKey ; Value: "1234567890" ]
Set Variable [ $Signature ; Value: MBS( "Hash.SHA256.HMAC"; $SecretKey; $Verb & Char(10) & $Domain & Char(10) & $Path & Char(10) & $QueryString; 1 ) ]
Show Custom Dialog [ "AWS Signature" ; $signature ]
Example result: “hTX0IGOH+lWyaqZBf513TcB6Mk3U/hidyQvJASsn7aE="
Calculate a JSON Web Token (JWT) in FileMaker:
// Header: {\"alg\":\"HS256\",\"typ\":\"JWT\"}
// Payload: {"iss":"scotch.io","exp":1300819380,"name":"Chris Sevilleja","admin":true}
// expected result: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dnZWRJbkFzIjoiYWRtaW4iLCJpYXQiOjE0MjI3Nzk2Mzh9.gzSraSYS8EXBxLN_oWnFSRgCzcmJmMjLiuyu5CSpyHI
Let ( [
secret = "secretkey";
header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
payload = "{\"loggedInAs\":\"admin\",\"iat\":1422779638}";
encodedString = MBS( "Text.EncodeToBase64URL"; header; "UTF-8") & "." & MBS( "Text.EncodeToBase64URL"; payload; "UTF-8");
// calculate hash
hash = MBS( "Hash.SHA256.HMAC"; secret; encodedString; 1+8 );
// and built final result:
result = encodedString & "." & hash
]; result )
Calculate the signature for AWS Signature Version 4:
// see https://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
Let ( [
date="20150830";
Region = "us-east-1";
Service= "iam";
Signing= "aws4_request";
kSecret = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
kDate = MBS( "Hash.SHA256.HMAC"; "AWS4" & kSecret ; date);
kRegion = MBS( "Hash.SHA256.HMAC”; kDate ; Region; 2);
kService = MBS( "Hash.SHA256.HMAC”; kRegion ; Service; 2);
kSigning = MBS( "Hash.SHA256.HMAC”; kService ; Signing; 2)
]; Lower (kSigning))
Example result: c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9
Calculate hash for kaufland API:
Let ( [
method = "POST";
uri = "https://sellerapi.kaufland.com/v2/units/";
body = "";
timestamp = 1411055926;
secretKey = "a7d0cb1da1ddbc86c96ee5fedd341b7d8ebfbb2f5c83cfe0909f4e57f05dd403";
texts = method & Char(10) & uri & Char(10) & body & Char(10) & timestamp;
result = MBS( "Hash.SHA256.HMAC"; secretKey; texts; 0)
]; lower(result) )
// see https://sellerapi.kaufland.com/?page=rest-api#signrequest-php
Example result: da0b65f51c0716c1d3fa658b7eaf710583630a762a98c9af8e9b392bd9df2e2a
See also
- Hash.SHA1.HMAC
- Hash.SHA256
- Hash.SHA512.HMAC
- Text.EncodeToBase64
- Text.EncodeToBase64URL
- Text.ReplaceNewline
Release notes
- Version 10.3
- Added option for Base64URL encoding to Hash.MD5, Hash.MD5.HMAC, Hash.SHA1, Hash.SHA1.HMAC, Hash.SHA256, Hash.SHA256.HMAC, Hash.SHA512 and Hash.SHA512.HMAC functions.
Blog Entries
- MBS FileMaker Plugin, version 10.3pr1
- JWT RS256 authentication in FileMaker
- Comparing Base Elements Plugin to MBS FileMaker Plugin
- MBS FileMaker Plugin, version 6.0pr7
- MBS Filemaker Plugin, version 4.0pr4
This function is free to use.
Created 18th August 2014, last changed 13th October 2023
