I'm trying to validate this message using a public key that I know is good. If I had the code in php or c++, that would be perfect. Ideally, I just need to know the data that is being used from the message.
Below is the sample message.
-----BEGIN TR34_Sample_CA_KRD.p7b-----MIIDcQYJKoZIhvcNAQcCoIIDYjCCA14CAQExADAPBgkqhkiG9w0BBwGgAgQAoIIDQjCCAz4wggImoAMCAQICBTQAAAAGMA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxUUjM0IFNhbXBsZXMxGTAXBgNVBAMTEFRSMzQgU2FtcGxlIFJvb3QwHhcNMTAxMTAyMDAwMDAwWhcNMjUxMDI4MjM1OTU5WjBBMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVFIzNCBTYW1wbGVzMRswGQYDVQQDExJUUjM0IFNhbXBsZSBDQSBLUkQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD79+R/P7Ox9NQVfsmKX8WFTDQpX8a4h29AWw437Z0+WkzplhwTpEcw5OiXqpJ2vSAw80UjuplX8FZ7oFOpNOyVkj6zkF764ZygA5F4ycHwhGg+JScKc1YW5LoUpV38k7+shAh6IrwpBxgwM0i+F6LGAVlF/ZoUcF18Q7qUgNdiP7tGjSS2EgRm+fCH49eJuCopHOF4uciv4wGEp8uHaWIPTsxtIStFOPRumheKssvnrK7PHZEWTtDvWTNARH54UP99eT3EhRKITiDgneqACQljhHY1vtPpIXTfqYI4QdDviRLcInujDGgTM2hG2UEkjcDU8OLSWWWCWO0aAhhHKeLbAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBI4bs+2pm7a2/8Jb2W71bBQ+cwNMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAayNCRdcgDRQYHWB6xs5zWNl10j2jA/IfVLjeuvemiMtc5QUiMkrdktC4EzF6vZYa1B0QdXY5qMjWGF3MyN8GPgtdSQayH65BFhyRN1MaicsRmPch5VekqnqijJ6GmYPwbGlDE0ygJTkoaDreEzZOv8Ikqn4dvCC9h5Fu778A2iAvD0bebvxheOONLJrDb8mLffrBQLI5YprFYeKE9W0JrhqHjukAfhBZl8XXTRrH+XA8eCskJRjxczCbuboAqHekeCL8hZ4ePWFfVdEKDFmIRz+lhIZnNj+upKdhKVZasHmNft4aGLpUtgApbM42MyKEQH/1tzSYfWJcMh5AAE9l4TEA-----END TR34_Sample_CA_KRD.p7b-----I am trying to connect to an API that uses an outdated hmac hash authentication mechanism for the API's.
For an instance:
$signature = hash_hmac('sha256', $string_to_sign, $api_sec);vs the one generated in Go:
h := hmac.New(sha256.New, []byte(authSecret))h.Write([]byte(stringToSign))signature := hex.EncodeToString(h.Sum(nil))When I use the same stringToSign($string_to_sign) and same authSecret($api_sec) the signature generated with Go results as an invalid signature for the API. But if I create the same with the PHP function it works fine. I am a bit lost as to where to look.
I really need help here ... I know this is simple ... but if someone could explain this like they are talking to a ten year old I'd appreciate it
In a C program, I can change the internal state of the SHA256 algo as follows:
SHA256_CTX c;SHA256_Init(&c);for (i =0; i<64; i++) SHA256_Update(&c, "$", 1);# 0x44332211 is just for examplec.h[0] = htole32(0x44332211);c.h[1] = htole32(0x44332211);c.h[2] = htole32(0x44332211);c.h[3] = htole32(0x44332211);c.h[4] = htole32(0x44332211);c.h[5] = htole32(0x44332211);c.h[6] = htole32(0x44332211);c.h[7] = htole32(0x44332211);Python provides hashlib.sha256. I want to ask if there is any way in which the internal state of sha256 algo can be updated in Python similar to what I did in C above ?
As a part of IEFT standard, I need to hash the body of a JSON request.
I have a reference code in JS that is known to produce the right hash, but now I'm stuck with matching the result in Python.
The JSON body:
body = {"description":"Test ticket"}The JS code:
bodyHash = CryptoJS.SHA256(body).toString(CryptoJS.enc.Base64)Please note it's not JSON.stringify(body)! The "correct" hash (the one I'm looking to match):
TqXFCKZWbnYkBUP4/rBv1Fd3e+OVScQBZDav2mXSMw4=The Python solution should be along the lines of:
body_hash = base64.b64encode(hashlib.sha256(repr(body).encode('utf-8')).digest()).decode('ascii')Which produces something different:
z0RpYmKAIfVibpSLJx/iRDZaNHJkJ2+rcenc1KEEAUw=Is there even a way to match those hashes? How the JS object is hashed in CryptoJS?
Please note that by viewing our site you agree to our use of cookies (see Privacy for details). You will only see this message once.