 Post subject: User account password check
PostPosted: 2010-05-15 15:58 
New user

Joined: 2010-05-15 15:01
Posts: 1
There are circumstances when you must check whether the known user account passwords are the ones actually stored in hMailServer.
The hMailServer default configuration doesn’t allow this kind of check because it stores account passwords as salted SHA-256 hashes for security reasons, from which you can’t get the original clear text passwords anymore.
The algorithm used by hMailServer to obtain the salted SHA-256 hash from a user account password is reported in a previous topic: http://www.hmailserver.com/forum/viewtopic.php?f=7&t=16658&p=97515.
In the following I propose a simple Access VBA function, which uses a class for generating the SHA-256 signature of a string developed by Phil Fresle and downloadable at http://www.frez.co.uk/SHA.zip.
Code:
' Procedure:        AccPwdControl
' Version:          1.0
' Date:             5/14/2010
' Purpose:          Verifies if clear text password and encrypted password match
' Arguments:        strClearPwd - user account clear text password
'                   strSha256Pwd - user account encrypted password
' Returns:          0 - passwords match
'                   1 - encrypted password length error
'                   2 - clear text password empty error
'                   3 - passwords mismatch
' Requisites:       Phil Fresle's CSHA256 class


Function AccPwdControl(ByVal strClearPwd As String, _
        ByVal strSha256Pwd As String) As Integer
       
    Const HASH_LENGTH As Integer = 64                               ' SHA256 hash length
    Const SALT_LENGTH As Integer = 6                                ' HMailServer salt length
    Const ENCR_PWD_LENGTH As Integer = HASH_LENGTH + SALT_LENGTH    ' Encrypted password length
   
    Dim objSha256 As New CSHA256
    Dim strSalt As String
    Dim strEncPwd As String
    Dim intErrCode As Integer
   
    ' Initializes error code
    intErrCode = 0
   
    ' Extracts Salt from encrypted password
    strSha256Pwd = Trim(strSha256Pwd)
    If Len(strSha256Pwd) = ENCR_PWD_LENGTH Then
        strSalt = Left(strSha256Pwd, SALT_LENGTH)
    Else
        intErrCode = 1
    End If
   
    ' Generates SHA256 hash for clear text password
    If intErrCode = 0 Then
        strClearPwd = Trim(strClearPwd)
        If Len(strClearPwd) > 0 Then
            strEncPwd = objSha256.SHA256(strSalt & strClearPwd)
            strEncPwd = strSalt & strEncPwd
        Else
            intErrCode = 2
        End If
    End If
   
    ' Compares SHA256 hash with encrypted password
    If intErrCode = 0 Then
        If strSha256Pwd <> strEncPwd Then intErrCode = 3
    End If
   
    ' Ends function
    Set objSha256 = Nothing
    AccPwdControl = intErrCode
   
End Function

The function allows you to check the correspondence between a clear text password and the SHA-256 hash stored in hMailServer, and it can also be used in a SQL query to carry out checks over data stored in Access tables.
Before using the function you must import into the VBA Editor (File --> Import File) the class module CSHA256.cls contained in SHA.zip.
The attached MS Access 2007 file includes:
    the module with AccPwdControl function (basAccPwdControl);
    the CSHA256 class module;
    a form that demonstrates the AccPwdControl function use (frmPwdControl);
    an example table with clear text passwords and encrypted passwords of some accounts (tblPasswords);
    a query that uses the AccPwdControl function for verifying passwords in tblAccounts (qryPwrdControl).


Attachments:
AccPwdCtrl10.zip [43.91 KiB]
Downloaded 241 times
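The salted-hash layout the post describes, as an added Python example (not the post's VBA and not hMailServer's own code): the stored value is the 6-character salt followed by the 64-character hex SHA-256 of salt + password, and the verifier returns the same codes as AccPwdControl. The UTF-8 password encoding and the salt generator are assumptions made for the example; the comparison uses a constant-time function, which the VBA string comparison does not.

```python
import hashlib
import hmac
import secrets

HASH_LENGTH = 64                            # hex length of a SHA-256 digest
SALT_LENGTH = 6                             # hMailServer salt length, as in the post
STORED_LENGTH = HASH_LENGTH + SALT_LENGTH   # 70-character stored value


def make_stored_hash(clear_pwd, salt=None):
    """Build a value in the stored form: salt + hex(SHA-256(salt + password)).

    The salt generator is constructed for this example; it is not hMailServer's own.
    Passwords are encoded as UTF-8 (assumption; only matters for non-ASCII characters).
    """
    if salt is None:
        salt = secrets.token_hex(SALT_LENGTH // 2)      # 6 hex characters
    if len(salt) != SALT_LENGTH:
        raise ValueError("salt must be %d characters" % SALT_LENGTH)
    digest = hashlib.sha256((salt + clear_pwd).encode("utf-8")).hexdigest()
    return salt + digest


def acc_pwd_control(clear_pwd, stored):
    """Same codes as the post's AccPwdControl: 0 match, 1 bad length, 2 empty, 3 mismatch."""
    stored = stored.strip()
    if len(stored) != STORED_LENGTH:
        return 1
    clear_pwd = clear_pwd.strip()               # mirrors the VBA Trim; space-only passwords are rejected
    if not clear_pwd:
        return 2
    salt = stored[:SALT_LENGTH]                 # the salt is stored in clear in front of the hash
    expected = make_stored_hash(clear_pwd, salt)
    # compare_digest runs in constant time, so the comparison does not leak how many
    # leading characters matched; hex case differs between tools, so normalise it first.
    return 0 if hmac.compare_digest(expected.lower(), stored.lower()) else 3


def audit_accounts(rows):
    """Run the check over (account, clear_pwd, stored) rows, like the post's qryPwrdControl query."""
    return [(account, acc_pwd_control(clear, stored)) for account, clear, stored in rows]
```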
 Post subject: Re: User account password check
PostPosted: 2013-04-17 20:00 
New user

Joined: 2013-04-17 19:48
Posts: 2
I need to generate a SHA-256 hash in MS-Access for on-line tax submissions in the United Kingdom.
This is all new to me! I have included below the instructions for generating the hash.
Do you think that if I create the ASCII string as described below and pass it to your function it will return the correct hash?
Thank you for your assistance.
Neil


As there are many implementations of SHA-256 available across multiple
technologies HMRC cannot recommend which one to use, but you should be
looking at using proven and reliable sources. In addition there are also many
documents publicly available providing test vectors with the expected results for
proving SHA-256.
The data used to generate the hash must be ASCII characters.
Q. What do I need to include in my payment instruction?
A. You need to insert a value – the sub-reference – in field 7 of standard 18. The
value of the field must be a solidus (/) to be inserted in character position 32
followed by a three alpha-numeric character sub-reference generated from the
following characters in positions 33-35
- hyphen (-)
- full stop (.)
- solidus (/) (hexadecimal value 2F)
- zero to 9
- A-Z (as specified for upper case alphabet)
So examples would be: “/123“, “/ABC“, “/..A“ “/9C-“, “/…“ , “/9C/”
The combination of the sub-reference, sort codes and the amount to be paid
provide a sufficient degree of uniqueness to allow effective matching to take
place.
The sub-reference needs to be generated with each relevant payment from the
employer, so that where an individual is paid the same amount on a regular basis
the sub-reference allows the different transactions to be identified.
Q. How do I create the cross reference (which data items should I hash)?
A. You should hash (in this order):
(a) the four character sub-reference inserted or to be inserted in the Std 18
payment file – the solidus “/” plus the three character sub-reference;
(b) the sort code of the originator’s bank (6 digits);
(c) the sort code of the recipient’s bank (6 digits)
(d) the amount of payment in pence – see next question (11 digits).
Based on the following data, the cross reference hash should be generated from
the concatenated ASCII string abcd, in this order, with no spaces or characters
between each data item. The value of the four character sub-reference must be a
random string (not sequential). Sort codes should be supplied as 6 numerical
digits only, the payment should be provided in pence as 11 numerical digits with
leading zeros where necessary.
So:
(a) /A.. (b) 10-00-00 (c) 30-91-44 (d) £1256.71
creates an ASCII string of:
/A..10000030914400000125671
which will generate a hash of:
a8e88f215cc98f40a2d0c47c49d0b09f4593d9bb81aef118202987a8cc0e3689
when represented in lower case as a hexadecimal string within the RTI submission.
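The cross-reference procedure quoted above, worked in Python as an added example (not from the post, the HMRC document, or hMailServer): it validates and normalises the four items, concatenates them in order, hashes the ASCII string, and keeps the quoted hash as a constant so the result can be compared with the published vector. The helper names and the accepted input forms (hyphenated sort codes, a pounds amount with a £ sign) are assumptions made for this example.

```python
import hashlib
import re
from decimal import Decimal, ROUND_HALF_UP

# Characters HMRC allows in the three-character sub-reference (from the text quoted above).
SUBREF_CHARS = set("-./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")

# The worked example quoted above and the hash HMRC says those components produce.
PUBLISHED_EXAMPLE = ("/A..", "10-00-00", "30-91-44", "£1256.71")
PUBLISHED_HASH = "a8e88f215cc98f40a2d0c47c49d0b09f4593d9bb81aef118202987a8cc0e3689"


def validate_subref(subref):
    """A solidus followed by exactly three characters from the permitted set."""
    if len(subref) != 4 or subref[0] != "/" or any(c not in SUBREF_CHARS for c in subref[1:]):
        raise ValueError("invalid sub-reference: %r" % subref)
    return subref


def normalise_sort_code(sort_code):
    """Accept '10-00-00' or '100000'; return exactly six digits."""
    digits = re.sub(r"\D", "", sort_code)
    if len(digits) != 6:
        raise ValueError("sort code must have 6 digits: %r" % sort_code)
    return digits


def pence_field(amount_pounds):
    """'£1256.71' -> '00000125671'. Decimal keeps 1256.71 * 100 exact, unlike float arithmetic."""
    pence = (Decimal(amount_pounds.lstrip("£")) * 100).quantize(Decimal("1"), rounding=ROUND_HALF_UP)
    if pence < 0 or pence >= 10 ** 11:
        raise ValueError("amount does not fit an 11-digit pence field")
    return "%011d" % int(pence)


def cross_reference_string(subref, origin_sort, dest_sort, amount_pounds):
    """Concatenate (a) sub-reference, (b) originator sort code, (c) recipient sort code, (d) pence."""
    return (validate_subref(subref) + normalise_sort_code(origin_sort)
            + normalise_sort_code(dest_sort) + pence_field(amount_pounds))


def cross_reference_hash(subref, origin_sort, dest_sort, amount_pounds):
    """Lower-case hex SHA-256 of the ASCII string, as the RTI submission expects."""
    data = cross_reference_string(subref, origin_sort, dest_sort, amount_pounds)
    return hashlib.sha256(data.encode("ascii")).hexdigest()


def matches_published_example():
    """True if this code reproduces the hash quoted in the HMRC text above."""
    return cross_reference_hash(*PUBLISHED_EXAMPLE) == PUBLISHED_HASH
```

Running the string builder on the published components is the first check to make before trusting any SHA-256 implementation: if the 27-character input does not match byte for byte, no hash routine will reproduce the vector.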


 Post subject: Re: User account password check
PostPosted: 2013-04-18 00:10 
Moderator

Joined: 2007-06-14 05:12
Posts: 9358
Location: 'The Outback' Australia
just google 'online sha256 encoder'
There are heaps.

_________________
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
Documentation


 Post subject: Re: User account password check
PostPosted: 2013-04-18 01:07 
New user

Joined: 2013-04-17 19:48
Posts: 2
Thanks moderator for replying promptly.
However, an on-line hash generator wouldn't be suitable, as there are many transactions that need to be done in each payroll run, so I need to do it programmatically from within MS-ACCESS 2003. That's why I was interested in the original posting.

