SHA256 hashing with secret key..

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

SHA256 hashing with secret key..

sergio_101
hey, all...

i installed the Cryptography library, and can produce a has like:

SHA256 hashMessage: 'test' hex.

the problem i am running into is, i need to generate the SHA256 with
my AppKey from facebook. i can't figure out how to generate a hash
using a secret key.

i tried looking through the source code, but couldn't find anything for SHA256..

any ideas?

thanks!


--
----
peace,
sergio
photographer, journalist, visionary

http://www.ThoseOptimizeGuys.com
http://www.CodingForHire.com
http://www.coffee-black.com
http://www.painlessfrugality.com
http://www.twitter.com/sergio_101
http://www.facebook.com/sergio101

Reply | Threaded
Open this post in threaded view
|

Re: SHA256 hashing with secret key..

fstephany
I havent checked the Facebook API but don't you simply need to
concatenate your key with the text you need to hash ?


SHA256 hashMessage: ('test' , 'APIKey') hex

?

On 30/09/12 15:00, sergio_101 wrote:

> hey, all...
>
> i installed the Cryptography library, and can produce a has like:
>
> SHA256 hashMessage: 'test' hex.
>
> the problem i am running into is, i need to generate the SHA256 with
> my AppKey from facebook. i can't figure out how to generate a hash
> using a secret key.
>
> i tried looking through the source code, but couldn't find anything for SHA256..
>
> any ideas?
>
> thanks!
>
>

Reply | Threaded
Open this post in threaded view
|

Re: SHA256 hashing with secret key..

sergio_101
> SHA256 hashMessage: ('test' , 'APIKey') hex
>
>

that's what i initially thought.. but the php code they show is a
little bit different..

the line that puts it together is:
hash_hmac('sha256', $payload, $secret, $raw = true)

in this case:

parameters are:
algorithm
string to be hashed
Shared secret key used for generating the HMAC variant of the message digest.
When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.

so, i think i need to use the apiSecret as the key for encryption..

--
----
peace,
sergio
photographer, journalist, visionary

http://www.ThoseOptimizeGuys.com
http://www.CodingForHire.com
http://www.coffee-black.com
http://www.painlessfrugality.com
http://www.twitter.com/sergio_101
http://www.facebook.com/sergio101

Reply | Threaded
Open this post in threaded view
|

Re: SHA256 hashing with secret key..

Paul DeBruicker
You need an HMAC signed SHA256 secret.


https://en.wikipedia.org/wiki/HMAC

https://en.wikipedia.org/wiki/SHA-2


First step is to get the correct SHA256 part then the second step is to
make it the correct HMAC

Does that help?






On 09/30/2012 06:00 PM, sergio_101 wrote:

>> SHA256 hashMessage: ('test' , 'APIKey') hex
>>
>>
>
> that's what i initially thought.. but the php code they show is a
> little bit different..
>
> the line that puts it together is:
> hash_hmac('sha256', $payload, $secret, $raw = true)
>
> in this case:
>
> parameters are:
> algorithm
> string to be hashed
> Shared secret key used for generating the HMAC variant of the message digest.
> When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
>
> so, i think i need to use the apiSecret as the key for encryption..
>


Reply | Threaded
Open this post in threaded view
|

Re: SHA256 hashing with secret key..

sergio_101
> First step is to get the correct SHA256 part then the second step is to make
> it the correct HMAC
>
> Does that help?

i am not sure.. i think i need to dig around more in the crypto
package.. i have the sha256 part.. an i see the hmac code.. i think i
just have to figure out how to put them together..

thanks!


--
----
peace,
sergio
photographer, journalist, visionary

http://www.ThoseOptimizeGuys.com
http://www.CodingForHire.com
http://www.coffee-black.com
http://www.painlessfrugality.com
http://www.twitter.com/sergio_101
http://www.facebook.com/sergio101

Reply | Threaded
Open this post in threaded view
|

Re: SHA256 hashing with secret key..

Paul DeBruicker
On 09/30/2012 06:16 PM, sergio_101 wrote:

>> First step is to get the correct SHA256 part then the second step is to make
>> it the correct HMAC
>>
>> Does that help?
>
> i am not sure.. i think i need to dig around more in the crypto
> package.. i have the sha256 part.. an i see the hmac code.. i think i
> just have to figure out how to put them together..
>
> thanks!
>
>


This is what I've used before:

hmacSHA256: aString key: aKey
        ^ (SHA256 new hmac)
                key: aKey asByteArray;
                digestMessage: aString asByteArray


Took me a bit to find an image with it.




Reply | Threaded
Open this post in threaded view
|

Re: SHA256 hashing with secret key..

sergio_101
> hmacSHA256: aString key: aKey
>         ^ (SHA256 new hmac)
>                 key: aKey asByteArray;
>                 digestMessage: aString asByteArray

perfect! this is getting me closer.. i still have my test failing, but
now, i think it's another area that has problems..

looking at this, i SHOULD have been able to write it in just a few
seconds.. i have all the pieces..

but looking into it, i just dont understand what is going on line 2..

now that i look at it, and run up the chain in the browser, it's
pretty obvious what is going my ..

my concern is that i had to figure it out AFTER someone gave me the solution..

am i gonna get better at this, once i monkey with the browser alot
more, or am i just being slow on he draw?

thanks!


--
----
peace,
sergio
photographer, journalist, visionary

http://www.ThoseOptimizeGuys.com
http://www.CodingForHire.com
http://www.coffee-black.com
http://www.painlessfrugality.com
http://www.twitter.com/sergio_101
http://www.facebook.com/sergio101

Reply | Threaded
Open this post in threaded view
|

Re: SHA256 hashing with secret key..

Stéphane Ducasse
to me it shows that the package crypto should be improved.
So publish a new version with the helper methods once you get the right way of making it work.

We are all newbies in a domain or another one and I want a system for newbies (with documentation, nice comment, API, tests….).

Stef


On Oct 1, 2012, at 6:35 AM, sergio_101 wrote:

>> hmacSHA256: aString key: aKey
>>        ^ (SHA256 new hmac)
>>                key: aKey asByteArray;
>>                digestMessage: aString asByteArray
>
> perfect! this is getting me closer.. i still have my test failing, but
> now, i think it's another area that has problems..
>
> looking at this, i SHOULD have been able to write it in just a few
> seconds.. i have all the pieces..
>
> but looking into it, i just dont understand what is going on line 2..
>
> now that i look at it, and run up the chain in the browser, it's
> pretty obvious what is going my ..
>
> my concern is that i had to figure it out AFTER someone gave me the solution..
>
> am i gonna get better at this, once i monkey with the browser alot
> more, or am i just being slow on he draw?
>
> thanks!
>
>
> --
> ----
> peace,
> sergio
> photographer, journalist, visionary
>
> http://www.ThoseOptimizeGuys.com
> http://www.CodingForHire.com
> http://www.coffee-black.com
> http://www.painlessfrugality.com
> http://www.twitter.com/sergio_101
> http://www.facebook.com/sergio101
>