HMC SHA1 哈希 - Java 生成与 C# 不同的哈希输出
这是此内容 问题,但我正在尝试将 C# 代码移植到 Java,而不是将 Ruby 代码移植到 C#,就像相关问题中的情况一样。我正在尝试验证从 Recurly.js api 返回的加密 签名 是否有效。不幸的是,Recurly 没有 Java 库来协助验证,因此我必须自己实现签名验证。
根据上面的相关问题(这个),以下 C# 代码可以生成验证从 Recurly 返回的签名所需的哈希:
var privateKey = Configuration.RecurlySection.Current.PrivateKey;
var hashedKey = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(privateKey));
var hmac = new HMACSHA1(hashedKey);
var hash = hmac.ComputeHash(Encoding.ASCII.GetBytes(dataToProtect));
return BitConverter.ToString(hash).Replace("-", "").ToLower();
Recurly 在其 签名文档页面:
未加密的验证消息: [1312701386,transactioncreate,[账户代码:ABC,amount_in_cents:5000,货币:USD]]
私钥: 0123456789ABCDEF0123456789ABCDEF
生成的签名: 0f5630424b32402ec03800e977cd7a8b13dbd153-1312701386
这是我的 Java 实现:
String unencryptedMessage = "[1312701386,transactioncreate,[account_code:ABC,amount_in_cents:5000,currency:USD]]";
String privateKey = "0123456789ABCDEF0123456789ABCDEF";
String encryptedMessage = getHMACSHA1(unencryptedMessage, getSHA1(privateKey));
private static byte[] getSHA1(String source) throws NoSuchAlgorithmException, UnsupportedEncodingException{
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] bytes = md.digest(source.getBytes("UTF-8"));
return bytes;
}
private static String getHMACSHA1(String baseString, byte[] keyBytes) throws GeneralSecurityException, UnsupportedEncodingException {
SecretKey secretKey = new SecretKeySpec(keyBytes, "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(secretKey);
byte[] bytes = baseString.getBytes("ASCII");
return Hex.encodeHexString(mac.doFinal(bytes));
}
但是,当我打印出 cryptoMessage 变量时,它与示例签名的消息部分不匹配。具体来说,我得到的值是“c8a9188dcf85d1378976729e50f1de5093fabb78”,而不是“0f5630424b32402ec03800e977cd7a8b13dbd153”。
更新
根据@M.Babcock,我使用示例数据重新运行了 C# 代码,它返回了与 Java 代码相同的输出。所以看来我的散列方法是正确的,但我传递了错误的数据(未加密的消息)。叹。如果/当我可以确定要加密的正确数据是什么时,我将更新这篇文章 - 因为 Recurly 文档中提供的“未加密验证消息”似乎缺少某些内容。
更新2
错误结果是“未加密的验证消息”数据/格式。示例数据中的消息实际上并未加密到提供的示例签名 - 所以文档可能已经过时了?无论如何,我已经确认 Java 实现适用于现实世界的数据。感谢大家。
This is a follow up to this question, but I'm trying to port C# code to Java instead of Ruby code to C#, as was the case in the related question. I am trying to verify the encrypted signature returned from the Recurly.js api is valid. Unfortunately, Recurly does not have a Java library to assist with the validation, so I must implement the signature validation myself.
Per the related question above (this), the following C# code can produce the hash needed to validate the signature returned from Recurly:
var privateKey = Configuration.RecurlySection.Current.PrivateKey;
var hashedKey = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(privateKey));
var hmac = new HMACSHA1(hashedKey);
var hash = hmac.ComputeHash(Encoding.ASCII.GetBytes(dataToProtect));
return BitConverter.ToString(hash).Replace("-", "").ToLower();
Recurly provides the following example data on their signature documentation page:
unencrypted verification message:
[1312701386,transactioncreate,[account_code:ABC,amount_in_cents:5000,currency:USD]]private key:
0123456789ABCDEF0123456789ABCDEFresulting signature:
0f5630424b32402ec03800e977cd7a8b13dbd153-1312701386
Here is my Java implementation:
String unencryptedMessage = "[1312701386,transactioncreate,[account_code:ABC,amount_in_cents:5000,currency:USD]]";
String privateKey = "0123456789ABCDEF0123456789ABCDEF";
String encryptedMessage = getHMACSHA1(unencryptedMessage, getSHA1(privateKey));
private static byte[] getSHA1(String source) throws NoSuchAlgorithmException, UnsupportedEncodingException{
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] bytes = md.digest(source.getBytes("UTF-8"));
return bytes;
}
private static String getHMACSHA1(String baseString, byte[] keyBytes) throws GeneralSecurityException, UnsupportedEncodingException {
SecretKey secretKey = new SecretKeySpec(keyBytes, "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(secretKey);
byte[] bytes = baseString.getBytes("ASCII");
return Hex.encodeHexString(mac.doFinal(bytes));
}
However, when I print out the encryptedMessage variable, it does not match the message portion of the example signature. Specifically, I get a value of "c8a9188dcf85d1378976729e50f1de5093fabb78" instead of "0f5630424b32402ec03800e977cd7a8b13dbd153".
Update
Per @M.Babcock, I reran the C# code with the example data, and it returned the same output as the Java code. So it appears my hashing approach is correct, but I am passing in the wrong data (unencryptedMessage). Sigh. I will update this post if/when I can determine what the correct data to encrypt is- as the "unencrypted verification message" provided in the Recurly documentation appears to be missing something.
Update 2
The error turned out to be the "unencrypted verification message" data/format. The message in the example data does not actually encrypt to the example signature provided- so perhaps outdated documentation? At any rate, I have confirmed the Java implementation will work for real-world data. Thanks to all.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我认为问题出在您的 .NET 代码中。
Configuration.RecurlySection.Current.PrivateKey是否返回字符串?该值是您期望的键吗?使用以下代码,.NET 和 Java 返回相同的结果。
.NET 代码
结果:
Message: [1312701386,transactioncreate,[account_code:ABC,amount_in_cents:5000,currency:USD]] Key: 0123456789ABCDEF0123456789ABCDEF Key bytes: 4d857d2408b00c3dd17f0c4ffcf15b97f1049867 Result: c8a9188dcf85d1378976729e50f1de5093fabb78Java
结果:
Message: [1312701386,transactioncreate,[account_code:ABC,amount_in_cents:5000,currency:USD]] Key: 0123456789ABCDEF0123456789ABCDEF Key Bytes: 4d857d2408b00c3dd17f0c4ffcf15b97f1049867 Results: c8a9188dcf85d1378976729e50f1de5093fabb78I think the problem is in your .NET code. Does
Configuration.RecurlySection.Current.PrivateKeyreturn a string? Is that value the key you expect?Using the following code, .NET and Java return identical results.
.NET Code
Result:
Message: [1312701386,transactioncreate,[account_code:ABC,amount_in_cents:5000,currency:USD]] Key: 0123456789ABCDEF0123456789ABCDEF Key bytes: 4d857d2408b00c3dd17f0c4ffcf15b97f1049867 Result: c8a9188dcf85d1378976729e50f1de5093fabb78Java
Result:
Message: [1312701386,transactioncreate,[account_code:ABC,amount_in_cents:5000,currency:USD]] Key: 0123456789ABCDEF0123456789ABCDEF Key Bytes: 4d857d2408b00c3dd17f0c4ffcf15b97f1049867 Results: c8a9188dcf85d1378976729e50f1de5093fabb78我怀疑您正在处理的值的默认编码可能不同。由于他们没有指定,他们将根据您正在使用的平台使用字符串的默认编码值。
我进行了快速搜索来验证这是否属实,但仍然没有结论,但这让我认为.NET 中的字符串默认为 UTF-16 编码,而 Java 默认为 UTF-8。 (有人可以确认这一点吗?)
如果是这种情况,那么使用 UTF-8 编码的
GetBytes方法已经为每种情况生成了不同的输出。I suspect the default encoding of the values you're working on may be different. As they do not have it specified, they will use the default encoding value of the string based on the platform you're working on.
I did a quick search to verify if this was true and it was still inconclusive, but it made me think that strings in .NET default to UTF-16 encoding, while Java defaults to UTF-8. (Can someone confirm this?)
If such's the case, then your
GetBytesmethod with UTF-8 encoding is already producing a different output for each case.基于此示例代码,看起来Java希望您没有在创建 SecretKeySpec 之前已经对您的密钥进行了 SHA1 处理。你尝试过吗?
Based on this sample code, it looks like Java expects you to have not already SHA1'd your key before creating a SecretKeySpec. Have you tried that?