I’ve been trying to learn how HMAC is calculated but seem to be missing something. According to this wiki page, calling HMAC-SHA1 on an empty key and message should result in a value of fbdb1d1b18aa6c08324b7d64b71fb76370690e1d
.
I’ve confirmed it with:
$ echo -n "" | openssl dgst -sha1 -hmac "" (stdin)= fbdb1d1b18aa6c08324b7d64b71fb76370690e1d
Following the pseudocode in the wiki page, I tried running this in bash:
ipad=$ (printf '\x36%.0s' {1..64}) opad=$ (printf '\x5C%.0s' {1..64}) echo -n $ opad$ (echo -n $ ipad | sha1sum | awk '{print $ 1}') | sha1sum
I thought since the key is empty, the inner padded key will just be 64 bytes of \x36
characters and \x5C
for the outer padded key. And since the message is also empty, HMAC can be calculated via SHA1(o_key_pad||SHA1(i_key_pad))
. But it returns a different result. What am I missing?