Solution was easier than I thought.
Set key = "secretkey"
Set message = "messageinabottle"
Set secretByteArray = ##class(%SYSTEM.Encryption).Base64Decode(key)
Set signatureBytes = $SYSTEM.Encryption.HMACSHA(256, message, secretByteArray)
Set requestSignatureBase64String = ##class(%SYSTEM.Encryption).Base64Encode(signatureBytes)
As you can see I get same requestSignatureBase64String if I use string values in js and objectscript examples. Unfortunately web service is expecting value QxYkJH+b0xo+pCLMBMXgKhMqjMSV+mqQbNvPf7kX2k4=
I get same signature and secretByteArray values in js and objectscript, but difference is that objectscript value is String and js value is 32-bit WordArray.
How do I get correct signature and secretByteArray values that I can pass to the $SYSTEM.Encryption.HMACSHA method?
Cryptojs example
ObjectScript example
Hi Jorge and thanks for the answer!
Yes there is external system where I try to authenticate and with Postman that javasript works just fine.
Set tSecretByteArray = ..hex(##class(%SYSTEM.Encryption).Base64Decode(keyUTF8))So do I have to get 32-bit wordArray like in JS var signature = CryptoJS.enc.Utf8.parse(rawData);
If do some hardcoding and set "signature" value from Postman, I won't get right values from
Set tSignature = ..hex($SYSTEM.Encryption.HMACSHA(256, wordArray, tSecretByteArray))
Set tSignatureBase64 = ##class(%SYSTEM.Encryption).Base64Encode(tSignature)
And yes, to_hmac was copy-paste error ;)
Problem solved! XML file is UTF-8 and I read attachment file name from there. So I needed to use ZCONVERT function and that resolved this.
$ZCONVERT(AttachFileName,"O","UTF8")