2

I am trying to figure out how the HMAC SHA-256 hashing algorithm works. I know that we have to use the following:

H (K ^ opad)|| H ((K ^ ipad)|| text)).

The problem that I am facing is, I think, one of basic understanding of the above. As far as I know, SHA-256 takes in “character input”. The key that I am using is 256 bits in size, and that leads (K^ipad) to be a 512-bit number. How do I use that to get the desired hash?

Mike Edward Moras
Utshash Das

1 Answer

4

SHA-256 is defined for inputting and outputting binary data using bits. Most libraries only perform calculations based on byte input instead of bit input though. So in general, SHA-256 operates on bytes, not on characters.

You need to explicitly encode your characters to bytes using a character encoding such as UTF-8 to use SHA-256. Some platforms have an implicit conversion to bytes, or even equate characters with bytes (the char type in C/C++), but it is better to use explicit conversion nonetheless.

Never confuse characters and bytes; it's the source of about half of the problems with cryptography on Stack Overflow (as well as countless bugs on systems in the field, not just concerning cryptography).


When comparing the implementation of your library, don't test against random sites on the internet; they usually get encoding/decoding wrong as well. Instead compare with test vectors that do make clear which bytes are actually processed.

After you succeed with the official test vectors, you could perform string comparison with known good libraries (Java, OpenSSL etc.) using code for which the string encoding is explicitly specified.

Maarten Bodewes
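An added example, not part of the original question or answer: HMAC-SHA-256 built by hand on bytes, showing how a key shorter than the 64-byte (512-bit) SHA-256 block is zero-padded before the XOR with ipad/opad, and how text is encoded explicitly before hashing. The function names are illustrative assumptions; the key, data and expected MAC are test case 2 of RFC 4231.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes 64-byte (512-bit) blocks


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 as H((K' ^ opad) || H((K' ^ ipad) || message)), bytes only."""
    # Keys longer than one block are hashed first; shorter keys (for example
    # a 256-bit key) are right-padded with zero bytes to a full block, K'.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    padded_key = key.ljust(BLOCK_SIZE, b"\x00")

    # ipad is the byte 0x36 repeated, opad is the byte 0x5c repeated.
    inner_key = bytes(b ^ 0x36 for b in padded_key)
    outer_key = bytes(b ^ 0x5C for b in padded_key)

    # "||" is plain byte concatenation; the inner digest is fed in as raw
    # bytes, not as a hex string.
    inner_digest = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner_digest).digest()


def hmac_sha256_text(key: bytes, text: str, encoding: str = "utf-8") -> str:
    """Encode the text explicitly, then MAC the resulting bytes (hex output)."""
    return hmac_sha256(key, text.encode(encoding)).hex()


# RFC 4231, test case 2: the vector states exactly which bytes are processed.
RFC4231_TC2_KEY = b"Jefe"
RFC4231_TC2_DATA = b"what do ya want for nothing?"
RFC4231_TC2_MAC = "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"

if __name__ == "__main__":
    print("matches RFC 4231 vector:",
          hmac_sha256(RFC4231_TC2_KEY, RFC4231_TC2_DATA).hex() == RFC4231_TC2_MAC)

    key_256_bit = bytes(range(32))  # constructed 32-byte sample key
    reference = hmac.new(key_256_bit, b"message", hashlib.sha256).digest()
    print("matches hmac module:   ",
          hmac.compare_digest(hmac_sha256(key_256_bit, b"message"), reference))

    # Same characters, different encodings, different bytes, different MACs.
    print("utf-8  :", hmac_sha256_text(key_256_bit, "caf\u00e9", "utf-8"))
    print("latin-1:", hmac_sha256_text(key_256_bit, "caf\u00e9", "latin-1"))
```
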