Hi - I have written a PowerShell script to update machine keys for a suite of web applications. I've used the "Generate-MachineKey" function found here:
https://support.microsoft.com/en-us/kb/2915218#AppendixA
When I generate an HMACSHA512 validation key with this function I get a 256 character output string. But if I use Microsoft IIS admin utility to generate the same key I get a 128 character output string.
I also notice both the IIS gui and the PowerShell function generate a 128 character output string for HMACSHA256 (so in PowerShell the output for HMACSHA512 is twice the length of HMACSHA256 but in IIS gui both are 128).
I tested my apps with the PowerShell generated keys and everything works fine. But can anyone explain to me why the output is different lengths from different MS tools and not matching up with the lengths they say these values should be? I want to make sure this PowerShell function is good before I deploy these keys to production web apps. I have spent hours searching and can find no info about this. Any insight would be much appreciated.
According to this article the lengths should be as stated below:
https://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.100).aspx
HMACSHA256 requires a 256-bit key (64 hexadecimal characters).
HMACSHA384 requires a 384-bit key (96 hexadecimal characters).
HMACSHA512 requires a 512-bit key (128 hexadecimal characters).