Hmac-Sha1 encode for mIRC

By FordLawnmower on Sep 13, 2010

I wrote this hash encryption alias because it is needed for OAuth Authentication.
Without a hmac-sha1 function, you cannot create the signatures needed to use most major api's.(ie. Facebook, Twitter, etc.)

hmac-sha1 is also used for lots of other keyed authentication.
More information on hmac-sha1 can be found here -->>

For anyone who is wondering, I will begin working on updating some of my twitter scripts to OAuth/Xauth Tomorrow.
I will also be posting a Twitter Signature alias as soon as I get it written.

This isn't a lot of code, but it was an extremely taxing project.
For those posts/notices I have not responded to, I apologize.
I'll try to catch up asap.

As for a mIRC 7 version of this, I'll try to get to it in a couple of weeks.

If you need a hmac-md5 routine , just change 64 to 32 and $sha1 to $md5

Note The result of the hmac-sha1 is base 64 encoded as a final step to make it compatible with OAuth.

Updated Original snippet is here -->>

;hmacsha1 by Ford_Lawnmower #Script-Help
;Syntax hmacsha1 key message or $hmacsha1(key,message)
alias hmacsha1 {
  var %key $1, %data $2
  bset -c &key 1 $regsubex(%key,/(.)/g, $asc(\1) $chr(32))
  bset -c &data 1 $regsubex(%data,/(.)/g, $asc(\1) $chr(32))
  if ($bvar(&key,0) > 64) bset -c &key 1 $hex2chr($sha1(&key,1))
  bset -c &ipad 1 $xorall($str($+(54,$chr(32)),64),$bvar(&key,1-))
  bset -c &opad 1 $xorall($str($+(92,$chr(32)),64),$bvar(&key,1-))
  bcopy &ipad $calc($bvar(&ipad,0) + 1) &data 1 -1
  bset -c &ipad 1 $hex2chr($sha1(&ipad,1))
  bcopy &opad $calc($bvar(&opad,0) + 1) &ipad 1 -1
  bset -c &return 1 $hex2chr($sha1(&opad,1))
  noop $encode(&return, mb)
  $iif($isid,return,$iif(#,say,echo -a)) $bvar(&return, 1-).text
alias -l hex2chr return $regsubex($1-,/(.{2})/g, $base(\t,16,10) $chr(32))
alias -l xorall {
  var %p $1, %k $2, %end $iif($regex($1,/([\d]{1,})/g) > $regex($2,/([\d]{1,})/g),$v1,$v2)
  return $regsubex($str(.,%end),/(.)/g,$+($xor($iif($gettok(%p,\n,32),$v1,0),$iif($gettok(%k,\n,32),$v1,0)),$chr(32)))


Sign in to comment.
FordLawnmower   -  Mar 16, 2011

Thanks Jethro_ :)
Your right it's not only useful , it's needed. Almost no major websites can be authenticated to without hmac.
For those don't understand what this is used for, it will provides oneway encoding of a key and your data.
The data will be sent to the server but the key never will. You will just send the data along with the signature made from the hmacsha1 of (key,data) .
Since the server already has the key, it can confirm that the signature is correct and accept the data.
Since the signature is sent instead of the key/password, there is never a chance that your key/password could get snatched by net sniffing.

Since this is so much more secure than sending the password with mime encoding , many websites and most social networks have switched to this method.

Jethro   -  Mar 16, 2011

I'm surprised this snippet hasn't been rated. This is very useful. Thanks for your work, Ford.

FordLawnmower   -  Mar 16, 2011

Now works with 6.3x - 7.x :)

Are you sure you want to unfollow this person?
Are you sure you want to delete this?
Click "Unsubscribe" to stop receiving notices pertaining to this post.
Click "Subscribe" to resume notices pertaining to this post.