A PHP Hash Generator and Verifier
This is a wrapper on the PHP function HASH for generating hash digests using sha256 algorithm and also verifying a given hash againist given data.
PHP v>=5.1.2+ The easiest way to install Carbon is via composer. Create the followingcomposer.json file and run the php composer.phar install command to install it.
```json
"require": {
"edwinmugendi/hashdigest": "master"
}
```
Why not use composer? Anyway, Download Digester.php from the repo and save the file somewhere in your project.
```php use HashDigest\Digester;$dataToHash = array( 'name'=>'Ali', 'age'=>'12', 'city'=>'Nairobi', 'work'=>'Software Engineer', 'at'=>'Sapama.com' );
$hash = Digester::digest($dataToHash);
echo 'Generated Hash is '; echo "\n"; echo $hash; echo "\n"; $isValid = Digester::isHashValid($hash, $dataToHash);
echo "Hash is ". ($isValid ? 'valid': 'not valid');
<h3>Algorithm</h3>
<h4>Hash generation</h4>
The hash is generated by:
1. The ```digest($dataToHash, $algo = 'sha256', $raw_output = false, $separator = '.')``` function takes a string or array as parameter of data to be hashed eg;
```php
<?php
$dataToHash = array(
'name'=>'Ali',
'age'=>'12',
'city'=>'Nairobi',
'work'=>'Software Engineer',
'at'=>'Sapama.com'
);
$hash = Digester::digest($dataToHash);
- If parameter is array, Sort the array by the key, Hence the above array will sorted into
<?php
$dataToHash = array(
'age'=>'12',
'at'=>'Sapama.com'
'city'=>'Nairobi',
'name'=>'Ali',
'work'=>'Software Engineer'
);- Generate the string to be hashed by joining the array elements with a '.' (default) or the separator you put in the 4th parameter of the
digestfunction. Hence, the string generated from the above array will be:
$stringToHash = '12.Sapama.com.Nairobi.Ali.Software Engineer'- Hash the generated string with sha256 algorithm (for PHP use PHP Hash)
$hash = '87304e9ab39f1d9c70b9f51f9f3b70fed5d19fbd3917ea3678115c5adffcf0d5';isHashValid($hash,$dataToHash), you need to pass the pre created hash and the data from which the hash was generated from.
2. This function return true if hash is verified, false otherwise
1. Securing API - This library can be used to generate hash digest plus an ``` API_SECRET ``` (see below) of data to be passed to an API. Remember to also include the generated hash to the data being POSTed so that the API can generate an hash using the data and try and verify against the POSTed hash.
NB: API_SECRET This is code or a random string known only to the API provider and consumer and is included in the data to be hashed to make the hash more difficult to regenerate.
Happy Coding!