C#从API检查HMAC SHA256
我正在尝试验证API在标题中发送给我的HMAC SHA256键。我不完全了解如何验证这一点,Anoyone可以将我指向正确的方向吗?
来自API参考:
每个中央网络旋号帖子都包含一个标题字段 具有签名机构的签名值的“ X-Signature-SHA256” 有效载荷。 JSON主体与HMAC SHA256算法签名 在RFC2104上,将“客户秘密”作为签名密钥。
以下遮阳篷非常清楚&帮助: https://stackoverflow.com/a/122253723/4179234
但是,我觉得我觉得我想念一个弦乐/消息,我需要加密获取相同的HMAC SHA256密钥,因为我只有API客户端的秘密可以用作HESing但没有消息的钥匙。
以下部分取自上述stackoverlow awnser,因此我将API客户端秘密转换为字节[],并将其用于第一个输入var。但是,在这种情况下,应该有什么消息?
private static byte[] HashHMAC(byte[] key, byte[] message)
{
var hash = new HMACSHA256(key);
return hash.ComputeHash(message);
}
I'm trying to validate a hmac sha256 key that an API sends to me in a header. I don't fully understand how to validate this, can anoyone point me in the right direction?
From the API reference:
Every central webhook POST contains a header field
"X-Signature-SHA256" with the signature value of the signed body's
payload. The JSON body is signed with the HMAC SHA256 algorithm based
on RFC2104, with the "Client Secret" as the signing key.
The following awnser is pretty clear & helpfull:
https://stackoverflow.com/a/12253723/4179234
However I feel like I'm missing a string/message that I need to encrypt to get the same hmac sha256 key, as I only have the api client secret to use as a key for the hasing but no message.
Following part is taken from the above stackoverlow awnser, so I convert the api client secret to byte[] and use it for the first input var. But what should message be then in this case?
private static byte[] HashHMAC(byte[] key, byte[] message)
{
var hash = new HMACSHA256(key);
return hash.ComputeHash(message);
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论