C
C#13mo ago
Jelle

❔ HMAC encrypt a string

Hey guys I'm trying to HMAC encrypt a string but the resulting hash is being rejected by the server I want to use it on. It's returning 400 Bad Request: "Please provide a valid HMAC hash" I'm trying to achieve this: https://docs.novu.co/notification-center/client/react/get-started#enabling-hmac-encryption 
import { createHmac } from "crypto";

const hmacHash = createHmac("sha256", process.env.NOVU_API_KEY)
  .update(subscriberId)
  .digest("hex");
import { createHmac } from "crypto";

const hmacHash = createHmac("sha256", process.env.NOVU_API_KEY)
  .update(subscriberId)
  .digest("hex");
With my code looking like this: 
using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(apiKey));
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(userId));
result.NotificationCenterHash = Convert.ToHexString(hash);
using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(apiKey));
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(userId));
result.NotificationCenterHash = Convert.ToHexString(hash);
I'm wondering if I'm just doing it wrong or if there's something else perhaps.. I triple checked the values I'm using and they should be correct The hash that I output is 18A22B366AF133C8ADD62E471BB3F91984D12E495CD4EC33999DEE8B48722E39
10 Replies
Jelle
JelleOP13mo ago
I think it's because I'm generating it in UTF-8 and then turning that string into a hex instead of directly to hex?
Pobiega
Pobiega13mo ago
well yes and no your apiKey and userId are stored in plain text somewhere I assume
Jelle
JelleOP13mo ago
Yep
Pobiega
Pobiega13mo ago
"plain text" is sneaky thou there are many ways to encode text, so getting the byte values of a string is non-trivial it COULD be that its not utf-8 encoded and causing issues with that
Jelle
JelleOP13mo ago
Oh man I got it working
Jelle
JelleOP13mo ago
I found this which was interesting https://stackoverflow.com/questions/64010313/why-does-digest-and-digesthex-result-in-different-outputs
Stack Overflow
why does digest and digest('hex') result in different outputs?
I have 2 piece of codes. 1ST ONE const hash1 = (data) => createHash('sha256').update(data).digest('hex'); var a1 = hash1("A"); var b1 = hash1("B"); console.log(hash1(a1+b1));...
Jelle
JelleOP13mo ago
In the end I snatched up the code in this post: https://stackoverflow.com/questions/11790599/python-hmac-and-c-sharp-hmac Which in the end just returns the same thing except that it's lowercase instead of uppercase lol
Stack Overflow
Python hmac and C# hmac
We have a python web service. It needs a hash as a parameter. The hash in python is generated this way. hashed_data = hmac.new("ant", "bat", hashlib.sha1) print hashed_data.hexdigest() Now,
Jelle
JelleOP13mo ago
Though how would you advise I store the api key? It's now coming from a local file but it'll be fetched from a secret store in test/prod environment I hadn't really thought about text encoding
Pobiega
Pobiega13mo ago
C# strings are utf, so shouldnt be a problem I'm guessing you'd inject it via IConfiguration anyways, regardless of how its exposed to the app Azure keyvault, AWS secrets manager, environment variables etc
Accord
Accord13mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server