I'm trying to generate a signature to verify the authenticity of incoming data from a source, and have been given these instructions:
To calculate the signature, concatenate the UUID and Timestamp; then use a standard HMAC SHA1 algorithm and your Secret Access Key.
I'm not too hot on cryptographic functions, so I'm having trouble getting the generated string to tally up with the signature on the incoming data. There's what I've done:
$expected_signature = hash_hmac("sha1", $UUID.$timestamp, $secretKey);
Is this correct (as in following the instructions above)?
That does seem correct. How do you assign the $UUID and $timestamp variables?
Also, do they except the current timestamp or a specific timestamp base on the requested data (e.g. time posted/added?).
It might be that both your server and their server's times are not sync and it fails on that (try using NTP if possible). Other than that, logic-wise your code seems legit.