Base64 or HMAC problem

Dear all,

I am currently having an issue on Pharo 2.0 for windows in using HMAC encryption and subsequent bas64 encoding.

I have loaded the cryptography library from smalltalkhub, but I do not get appropriate results when using the code below:

encodedSignature := (SHA256 new) hmac key: apiKey asByteArray; digestMessage: unsignedSignature asByteArray.
encodedSignature base64Encoded encodeForHTTP.

With values:
apiKey := '123456789'.
unsignedSignature := 'pharmacistprescriptionsget000001'.
the result obtained is correct.

But with values
apiKey := 'veQC+IBLq5qMO8oGcQupjg=='.
userName := 'testpharm'.
barCode :='1403122014500'.
unsignedSignature := userName,'prescriptionsgetexecuted',barCode.
the result is not correct.

What am I doing wrong or I do not understand correctly?

Kind regards,
Spilios

Hi Spilios,

There is not enough information in your mail.

Where exactly did you load SHA256 from and how ?

What are the correct/incorrect answers that you get ?
From where do you get the references values ?
How sure are you they are correct ?

If you make it easy for others to execute the same expression as you do, you'll get a better answer.

Sven

On 28 Apr 2014, at 17:11, Spiliosv <[hidden email]> wrote:

CONTENTS DELETED

Dear Sven,

First of all thank you for your prompt reply.

I will try and include the information you have requested.

The SHA256 implementation comes from here http://smalltalkhub.com/#!/~Cryptography/Cryptography and I loaded only the latest version of Cryptography into a fresh pharo 2.0 image, and nothing else.

I need this hmacsha256 encryption for a rest implementation I am trying out, for which I have a VB implementation and I get the correct values for both sets of data.

It seems that the SHA256 (encodedSignature) hex value is correct on both occasions and the base64 encodedForHTTP value for the apiKey := '123456789' is also correct, but for the case where apiKey := 'veQC+IBLq5qMO8oGcQupjg==' I get the base64 encodedForHTTP value of 'AcTXF%2BlDa2kRYVm0k5jY6pGGTMXD7NsQS6tLBXRp3Xs%3D' where I should get '%2B%2FYhVkcaEIHBeUESOsJYD1nKyJXVGyFX%2FlxR616aUK4%3D'.
The two sets of testing code are:
1) Produces correct result.
apiKey := '123456789'.
unsignedSignature := 'pharmacistprescriptionsget000001'.
encodedSignature := (SHA256 new) hmac key: apiKey asByteArray; digestMessage: unsignedSignature asByteArray.
encodedSignature base64Encoded encodeForHTTP.

2)
apiKey := 'veQC+IBLq5qMO8oGcQupjg=='.
userName := 'testpharm'.
barCode :='1403122014500'.
unsignedSignature := userName,'prescriptionsgetexecuted',barCode.
encodedSignature := (SHA256 new) hmac key: apiKey asByteArray; digestMessage: unsignedSignature asByteArray.
encodedSignature base64Encoded encodeForHTTP.

Is the above enough?
Regards, Spilios

Now I understand why I see the long emails/replies!

The double equals in the api key is padding.  (https://en.wikipedia.org/wiki/Base64#Padding)  Will you please try your code without it, and report back?

Thanks

Paul

Spiliosv wrote

Dear Sven,

First of all thank you for your prompt reply.

I will try and include the information you have requested.

The SHA256 implementation comes from here http://smalltalkhub.com/#!/~Cryptography/Cryptography and I loaded only the latest version of Cryptography into a fresh pharo 2.0 image, and nothing else.

I need this hmacsha256 encryption for a rest implementation I am trying out, for which I have a VB implementation and I get the correct values for both sets of data.

It seems that the SHA256 (encodedSignature) hex value is correct on both occasions and the base64 encodedForHTTP value for the apiKey := '123456789' is also correct, but for the case where apiKey := 'veQC+IBLq5qMO8oGcQupjg==' I get the base64 encodedForHTTP value of 'AcTXF%2BlDa2kRYVm0k5jY6pGGTMXD7NsQS6tLBXRp3Xs%3D' where I should get '%2B%2FYhVkcaEIHBeUESOsJYD1nKyJXVGyFX%2FlxR616aUK4%3D'.
The two sets of testing code are:
1) Produces correct result.
apiKey := '123456789'.
unsignedSignature := 'pharmacistprescriptionsget000001'.
encodedSignature := (SHA256 new) hmac key: apiKey asByteArray; digestMessage: unsignedSignature asByteArray.
encodedSignature base64Encoded encodeForHTTP.

2)
apiKey := 'veQC+IBLq5qMO8oGcQupjg=='.
userName := 'testpharm'.
barCode :='1403122014500'.
unsignedSignature := userName,'prescriptionsgetexecuted',barCode.
encodedSignature := (SHA256 new) hmac key: apiKey asByteArray; digestMessage: unsignedSignature asByteArray.
encodedSignature base64Encoded encodeForHTTP.

Is the above enough?
Regards, Spilios

Now I understand why I see the long emails/replies!

Dear Sven,

I tried but still no luck. In any case the padding you are referring to is for the key for the SHA256 encryption.
I have tested in the 'https://www.freeformatter.com/hmac-generator.html#ad-output' that the hex values produced from my SHA256 operation are the same. Maybe the conversion byteArray is wrong?
The correct result for the 'encodedSignature base64Encoded encodeForHTTP. ' should be '%2B%2FYhVkcaEIHBeUESOsJYD1nKyJXVGyFX%2FlxR616aUK4%3D''. This result is added to a url request as the signature.

Any other suggestions?

Spilios

Sergi,

Thank you for the comment, but they are two different examples.

Spilios

Hi

I think you may have the incorrect expected value.

When using http://www.freeformatter.com/hmac-generator.html and entering “testpharmprescriptionsgetexecuted1403122014500” as message and “veQC+IBLq5qMO8oGcQupjg==“ as key, I get “01c4d717e9436b69116159b49398d8ea91864cc5c3ecdb104bab4b057469dd7b” hex output.
When I then enter this hex output into http://tomeko.net/online_tools/hex_to_base64.php?lang=en the generated base64 is:
AcTXF+lDa2kRYVm0k5jY6pGGTMXD7NsQS6tLBXRp3Xs=
which is identical to the Pharo generated output:
AcTXF+lDa2kRYVm0k5jY6pGGTMXD7NsQS6tLBXRp3Xs=

The ‘+’ and ‘=“ are the only 2 characters that would be encoded for HTTP which would mean the Pharo generated output is correct: AcTXF%2BlDa2kRYVm0k5jY6pGGTMXD7NsQS6tLBXRp3Xs%3D

Are you sure that your expected output is correct: %2B%2FYhVkcaEIHBeUESOsJYD1nKyJXVGyFX%2FlxR616aUK4%3D

Cheers
Carlo


On 28 Apr 2014, at 11:42 PM, Spiliosv <[hidden email]> wrote:

Dear Sven,

I tried but still no luck. In any case the padding you are referring to is
for the key for the SHA256 encryption.
I have tested in the
'https://www.freeformatter.com/hmac-generator.html#ad-output' that the hex
values produced from my SHA256 operation are the same. Maybe the conversion
byteArray is wrong?
The correct result for the 'encodedSignature base64Encoded encodeForHTTP. '
should be '%2B%2FYhVkcaEIHBeUESOsJYD1nKyJXVGyFX%2FlxR616aUK4%3D''. This
result is added to a url request as the signature.

Any other suggestions?

Spilios





--
View this message in context: http://forum.world.st/Base64-or-HMAC-problem-tp4756788p4756864.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.

Dear all,

Apologies but it seems that I am getting the wrong apiKey from the test environment I am using. The correct apiKey is apiKey := '19aW5T6QBjOZFQOzygNAFA=='. which produces the appropriate results.

As stated by a number of you the SHA256 and base64 transformations work correctly.

Thank you all for your efforts.

Regards,
Spilios