West Wind Internet and Client Tools
SHA256HMAC
  Gary
  All
  May 15, 2017 @ 12:32am

Hi Rick,

Amazon is requiring that I use HMAC-SHA256 to sign any submission string, then they require that I Base64 HMAC encode the return string. My question is do you return Base64 HMAC by default from your HMAC-SHA256 function or do you have another function where I can achieve this goal?

Thank you,

Gary

re: SHA256HMAC
  Rick Strahl
  Gary
  May 15, 2017 @ 11:03am

The result that comes back from that function is already base64 encoded so that should be all you need.

DO wwencryption
o = CREATEOBJECT("wwEncryption")
? o.ComputeHash("testText","HMACSHA256","123")

which results in:

hs3Lo0fa4DjdLP47g3D1dmrb8R/FzI6ARP+SyXgb94k=

which is a base64 encoded string.

If you need a different format you have to convert back to binary from base64, and then reconvert in a new format.

+++ Rick ---

re: SHA256HMAC
  Gary
  Rick Strahl
  May 15, 2017 @ 01:29pm

Hi Rick,

I'm taking a known sample from Amazon and running through the SHA256HMAC routine expecting to get the same results as Amazon. This is how I'm verifying the hashing is working for my needs.

Amazon My SHA 256 HMAC string:

POST
mws.amazonservices.com
/Orders/2013-09-01
AWSAccessKeyId=AKIAJJ3NTK74P2DIYXQA&Action=GetOrder&AmazonOrderId.Id.1=113-0347737-5549068&SellerId=ALL7DYOJ1G2QC&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2017-05-15T07%3A19%3A09Z&Version=2013-09-01

Amazon resulting SHA256HMAC = 171191a62777a836685c30c90e98d808eb2b591118f217133e15e17c1766f14a
Amazon Base64 HMAC = FxGRpid3qDZoXDDJDpjYCOsrWREY8hcTPhXhfBdm8Uo=

When I feed this exact string through the SHA256HMAC encoder I get this: zfpSW/hTXhx2IIylPeZpzfEis2RvUH6ewLDB9XK4jKQ= which is neither of the above. If you are encoding 64bit shouldn't it match the Amazon Base64 HMAC?

Do you consult on this? I need to get beyond this point in the coding.

Thanks,

Gary

re: SHA256HMAC
  Rick Strahl
  Gary
  May 15, 2017 @ 02:26pm

Not sure what base64 HMAC is. There's only HMAC hashing for the hash routine and then turning those binary bits into base64. I don't think base64 HMAC is a thing - that doesn't make any sense as base64 is simply a binary encoding format - not any sort of hash/encryption.

Worst case we can create a .NET wrapper that does exactly what's needed.

Anyway - I can probably help. Give me a call and we can take a look.

+++ Rick ---

re: SHA256HMAC
  Rick Strahl
  Rick Strahl
  May 17, 2017 @ 02:08am

Just a heads up for those lurking:

There was a bug in the wwEncryption HMAC implementation that produced custom salt values for strings that weren't working properly with standard requests. I ended up tweaking wwEncryption to fix the salt values to only get passed to the parser rather than salting the original values.

In addition, Gary's data was running into issues with white space - specifically the data was expected to have only LF rather than the Windows CR LF combination. Whenever dealing with multiline content that contains CRLF characters, make sure you check the expected CRLF format. Most non-Windows systems use only LF while Windows typically uses CRLF. If you encode these values with CRLF when LF is expected you will get incorrect values.

The fix for wwEncryption with HMAC hashing is fixed and will be in the next update for Web Connection and the Client Tools.

+++ Rick ---
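
The two points from this thread (one digest rendered as hex or as base64, and CRLF versus LF changing the signature) as an added Python example; it is not code from the posts or from wwEncryption. The secret key and the shortened query string are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample: verb, host, path and query as in the thread's request,
# one item per line. The query is shortened and the key is a placeholder.
LINES = ["POST", "mws.amazonservices.com", "/Orders/2013-09-01",
         "Action=GetOrder&SignatureMethod=HmacSHA256&SignatureVersion=2"]
SECRET_KEY = "constructed-secret-key"  # not a real credential


def normalize_newlines(text):
    """Collapse CRLF and bare CR to LF before the text is signed."""
    return text.replace("\r\n", "\n").replace("\r", "\n")


def sign(string_to_sign, secret_key):
    """Return (hex, base64) renderings of one HMAC-SHA256 digest."""
    digest = hmac.new(secret_key.encode("utf-8"),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return digest.hex(), base64.b64encode(digest).decode("ascii")


def hex_to_base64(hex_digest):
    """Re-encode a hex digest as base64 by going through the raw bytes."""
    return base64.b64encode(bytes.fromhex(hex_digest)).decode("ascii")


def signatures_match(expected_b64, actual_b64):
    """Constant-time comparison for the side that verifies a signature."""
    return hmac.compare_digest(expected_b64.encode(), actual_b64.encode())


if __name__ == "__main__":
    lf_text = "\n".join(LINES)
    crlf_text = "\r\n".join(LINES)
    hex_sig, b64_sig = sign(lf_text, SECRET_KEY)
    print("hex   :", hex_sig)
    print("base64:", b64_sig)
    # Same visible text, different bytes, different signature.
    print("CRLF input matches:",
          signatures_match(b64_sig, sign(crlf_text, SECRET_KEY)[1]))
    print("normalized matches:",
          signatures_match(b64_sig, sign(normalize_newlines(crlf_text), SECRET_KEY)[1]))
    # Pitfall: base64 of the hex *text* is a different, longer string.
    print("base64 of hex text:", base64.b64encode(hex_sig.encode()).decode())
```

Feeding the hex value Gary quoted to `hex_to_base64` returns the base64 value he quoted, which shows the two Amazon strings are the same digest in two encodings.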
