hmacsha1 output hex strings different between vb.net and python

StackOverflow https://stackoverflow.com/questions/21615322

  •  08-10-2022
  •  | 
  •  

Вопрос

I am using HMACSHA1 in vb.net for message authentication in a webrequest. After getting a "(403) Forbidden" message from the server, I decided to see if my signature calculation in VB matched the calculation in the sample python code I was given. The hex strings were ever so similar, but not quite exactly the same. Note the two extra 0s in the py signature but not in the vb indicated by * below. I'm assuming the py example code is good and returns correct output, so getting the vb to match may solve my problem, so what is the diff?

vb sig returns: a729e16e5c4a444a302a72c3d44544fe58aa90
py sig returns: a729e16e5c4a444a3002a72c3d44544f0e58aa90
.................................*..............*.......

Here is py code, based on pseudo-code at (http://apiaxle.com/docs/signing-requests/):

import hmac
from hashlib import sha1
from time import time
key =    'ba1d92...'    #32 bit hex number (string)
secret = '2a3759...'    #128 bit hex number (string)
curr_time = str(int(time()))
concat = curr_time+key
# hmac expects byte, so convert
concatB = (concat).encode('utf-8')
secretB = secret.encode('utf-8')
h1 = hmac.new(secretB, concatB, sha1)
# h1 is byte, so convert to hex
api_sig = h1.hexdigest()

And here is vb code:

Dim uTime As Integer = (DateTime.UtcNow - New DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds
Dim api_sig As String = ""
Using myhmac As New HMACSHA1(System.Text.Encoding.UTF8.GetBytes(secret))
  Dim hashValue As Byte() = myhmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(String.Concat(uTime.ToString, key)))
  Dim i As Integer
  For i = 0 To (hashValue.Length - 1)
    api_sig = api_sig + Hex(hashValue(i))
  Next i
Это было полезно?

Решение

Your VB output doesn't correctly pad the hex digits for values smaller than 16; the byte 0x02 is represented as just 2, not 02, and the 0x0E byte is included as e, not 0e.

You need to add a .PadLeft() call:

api_sig = api_sig + Hex(hashValue(i)).PadLeft(2, "0"c)

or use string formatting:

api_sig = api_sig + String.Format("{0:X2}", hashValue(i))
Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top