Like you mentioned, the
CRYPTO:sign
returns a binary. You need to convert this to a hexidecimal string. The iRule below works for me.
when HTTP_REQUEST {
if {[HTTP::header exists "X-Akamai-G2O-Auth-Data"] && [HTTP::header exists "X-Akamai-G2O-Auth-Sign"]} {
set shared secret here
set secret_key "pass"
set data "[HTTP::header value "X-Akamai-G2O-Auth-Data"][HTTP::path]"
set signature "[HTTP::header value "X-Akamai-G2O-Auth-Sign"]"
set signed_data_binary [CRYPTO::sign -alg hmac-sha256 -key $secret_key $data]
binary scan $signed_data_binary H* signed_data_hex
if { $signed_data_hex eq $signature } {
log local0. "Signatures match"
}
}
}