Before sometime I had a project where I am required to create a message digest to authenticate web-service call. Initially it looked simple but while trying on staging server it never authenticated properly. Basically it was a Surescripts web-service implementation where we have to strictly follow their protocols.

They have provided documentation to help implementing/developing compatible services but clarity was missing, we have to go forth and back to their staging (FASTRACK) support which was limited to email only in most of the case except for production you can get better support with phone agents. I mean it was bit tricky for first time Surescripts implementers.

OK, anyway let's get back to basics now, I have sample code in VB.NET and Java and I have to perform following operation: "The encoding process for password is: first convert to uppercase, then Unicode it in little-endian UTF16, then SHA1 it, then base64 encode it."

Sample VB.NET code:

UnicodeEncoding encoding = new UnicodeEncoding();
 
hashBytes = encoding.GetBytes(password.ToUpper().Trim());
 
SHA1 sha1 = new SHA1CryptoServiceProvider();
 
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
 
String pwd= Convert.ToBase64String(cryptPassword);

and here is,
Sample Java code:

System.out.println(new String (
new Base64().encode(MessageDigest.getInstance("SHA1").digest(pwString.getBytes("UTF-16LE")))));


But, luckily or unluckily there was no PHP sample code which used to be the case many a times for such projects. I don't mind that and while I already worked real hard on rest of the part I have just developed a small simple one page VB.NET application/web-page which I could call from my PHP application to get the message digest in the desired way.

So I got my solution there at that time as always; may be in unconventional way but I don't mind as long as I can deliver acceptable solution in-time. But I would like some of the great PHP experts to digg into this matter and bring solution to the horizon. I believe some of the things in respect of text encoding are not much clear as I have tried lot to get this done in PHP itself and have spent good amount of time on that research as well. Tried using all sort of various encoding functions available in PHP including mbstring.

According to their code and samples for string "helloworld" the output should be "D3Kwlpztzu5ZimQFg916lDn8/rQ="; and yes it works really well without any headache (I tried VB.NET code and it worked for me right out of the box and C# conversion of that code worked as well). I know that Surescripts guys have build their backbone on .NET platform but such things should not matter here.

I would like to know "how?"; if we can get it done with the help of PHP. I believe in PHP and it's strength and that's why posting this on my blog hoping to see positive response :)

PS: Here skySignal has something similar to say about MD5 usage and implementation in PHP in respect to Microsoft.NET.

Similar Posts: