❔ HMAC encrypt a string
Hey guys I'm trying to HMAC encrypt a string but the resulting hash is being rejected by the server I want to use it on. It's returning
400 Bad Request
: "Please provide a valid HMAC hash"
I'm trying to achieve this: https://docs.novu.co/notification-center/client/react/get-started#enabling-hmac-encryption
With my code looking like this:
I'm wondering if I'm just doing it wrong or if there's something else perhaps.. I triple checked the values I'm using and they should be correct
The hash that I output is 18A22B366AF133C8ADD62E471BB3F91984D12E495CD4EC33999DEE8B48722E39
10 Replies
I think it's because I'm generating it in UTF-8 and then turning that string into a hex instead of directly to hex?
well yes and no
your apiKey and userId are stored in plain text somewhere I assume
Yep
"plain text" is sneaky thou
there are many ways to encode text, so getting the byte values of a string is non-trivial
it COULD be that its not utf-8 encoded and causing issues with that
Oh man I got it working
I found this which was interesting https://stackoverflow.com/questions/64010313/why-does-digest-and-digesthex-result-in-different-outputs
Stack Overflow
why does digest and digest('hex') result in different outputs?
I have 2 piece of codes.
1ST ONE
const hash1 = (data) => createHash('sha256').update(data).digest('hex');
var a1 = hash1("A");
var b1 = hash1("B");
console.log(hash1(a1+b1));...
In the end I snatched up the code in this post: https://stackoverflow.com/questions/11790599/python-hmac-and-c-sharp-hmac
Which in the end just returns the same thing except that it's lowercase instead of uppercase lol
Stack Overflow
Python hmac and C# hmac
We have a python web service. It needs a hash as a parameter.
The hash in python is generated this way.
hashed_data = hmac.new("ant", "bat", hashlib.sha1)
print hashed_data.hexdigest()
Now,
Though how would you advise I store the api key? It's now coming from a local file but it'll be fetched from a secret store in test/prod environment
I hadn't really thought about text encoding
C# strings are utf, so shouldnt be a problem
I'm guessing you'd inject it via
IConfiguration
anyways, regardless of how its exposed to the app
Azure keyvault, AWS secrets manager, environment variables etcWas this issue resolved? If so, run
/close
- otherwise I will mark this as stale and this post will be archived until there is new activity.