I have to rewrite this php code to c#
$sign_params = ['name'=>"John", 'age'=>18];
$client_secret = 'test secret key';
ksort($sign_params); // Sort array by keys
$sign_params_query = http_build_query($sign_params); // Forming string like "param_name1=value¶m_name2=value"
$sign = rtrim(strtr(base64_encode(hash_hmac('sha256', $sign_params_query, $client_secret, true)), '+/', '-_'), '='); // get hash code
return $sign;
Here what I try:
public class apiHelper : MonoBehaviour
{
const string client_secret = "test secret key";
public static string checkSign(Dictionary<string, dynamic> fields)
{
//* sort by keys
var list = fields.Keys.ToList();
list.Sort();
string sign_params_query = "";
//* forming string like "param_name1=value¶m_name2=value"
foreach (var key in list)
{
sign_params_query = sign_params_query + key + "=" + fields[key];
if (key != list.Last()) sign_params_query = sign_params_query + "&";
}
//* get hash code
string sign = System.Convert.ToBase64String(GetHash(sign_params_query, client_secret));
char[] charsToTrim = { '=' };
return sign.Replace("+", "-").TrimEnd(charsToTrim);
}
static byte[] GetHash(string url, string key)
{
using (HMACSHA256 hmac = new HMACSHA256(Encoding.ASCII.GetBytes(key)))
{
byte[] data = hmac.ComputeHash(Encoding.UTF8.GetBytes(url));
return data;
}
}
}
Well, finally I get different hash than in php example ._. What did I wrong? Its my 1st time with cryptho or smth like that
Well, problem wath with strings which have special chars. I have to use url_encode c# equivalent to solve it.
Related
I am sending requests to Kraken api using a private key. The problem is, generated signature is not as expected.
Please note that the key you can see below it's just a sample. But it should generate the expected output. If so, that means the code is correct and it would work with an actual key.
The goal is to perform the following encryption:
HMAC-SHA512 of (URI path + SHA256(nonce + POST data)) and base64 decoded secret API key
So far, I've written this code:
public class KrakenApi
{
private static string ApiPrivateKey = "kQH5HW/8p1uGOVjbgWA7FunAmGO8lsSUXNsu3eow76sz84Q18fWxnyRzBHCd3pd5nE9qa99HAZtuZuj6F1huXg==";
public static string GetKrakenSignature(string urlPath, ulong nonce, Dictionary<string,string> data)
{
var hash256 = new SHA256Managed();
var postData = string.Join("&", data.Select(e => e.Key + "=" + e.Value).ToArray());
var encoded = Encoding.UTF8.GetBytes(nonce + postData);
var message = Encoding.UTF8.GetBytes(urlPath).Concat(hash256.ComputeHash(encoded).ToArray());
var secretDecoded = (System.Convert.FromBase64String(ApiPrivateKey));
var hmacsha512 = new HMACSHA512(secretDecoded);
var hash = hmacsha512.ComputeHash(secretDecoded.Concat(message).ToArray());
return System.Convert.ToBase64String(hash);
}
}
Usage:
var data = new Dictionary<string, string> {
{ "nonce", "1616492376594" },
{ "ordertype", "limit" },
{ "pair", "XBTUSD" },
{ "price", "37500" },
{ "type", "buy" },
{ "volume", "1.25" }
};
var signature = KrakenApi.GetKrakenSignature("/0/private/AddOrder", ulong.Parse(data["nonce"]), data);
Console.WriteLine(signature);
Output should be:
4/dpxb3iT4tp/ZCVEwSnEsLxx0bqyhLpdfOpc6fn7OR8+UClSV5n9E6aSS8MPtnRfp32bAb0nmbRn6H8ndwLUQ==
There are a number of code samples for Phyton, Node and Golang here that work correctly. But above code in C# not generating expected output.
This generates the expected output. Finally I've read Python documentation for each method used in the code sample and reproduced the same steps in C#.
public static string GetKrakenSignature(string urlPath, ulong nonce, Dictionary<string,string> data)
{
var hash256 = new SHA256Managed();
var postData = string.Join("&", data.Select(e => e.Key + "=" + e.Value).ToArray());
var encoded = Encoding.UTF8.GetBytes(nonce + postData);
var message = Encoding.UTF8.GetBytes(urlPath).Concat(hash256.ComputeHash(encoded)).ToArray();
var mac = new HMACSHA512(Convert.FromBase64String(ApiPrivateKey));
return Convert.ToBase64String(mac.ComputeHash(message));
}
I am trying to walk through the sample code using the values in the "Example: Browser-Based Upload using HTTP POST (Using AWS Signature Version 4)" page, but could not get the same signature value posted on the page.
The page does not show the value for the signing key. Does anybody know what it supposed to be? Thanks.
namespace TestAWSSignature
{
class Program
{
// Values from aws example page.
const string aKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
const string anID = "AKIAIOSFODNN7EXAMPLE";
const string aRegion = "us-east-1";
const string aService = "s3";
const string aBucket = "sigv4examplebucket";
const string HMACSHA256 = "HMACSHA256";
const string aDate = "20151229";
const string SCHEME = "AWS4";
const string ALGORITHM = "HMAC-SHA256";
const string TERMINATOR = "aws4_request";
static void Main(string[] args)
{
// Initial to value from aws example page.
string base64PolicyString = "eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9";
byte[] policyStringBytes = Convert.FromBase64String(base64PolicyString);
// compute the signing key
KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create(HMACSHA256);
kha.Key = DeriveSigningKey(HMACSHA256, aKey, aRegion, aDate, aService);
Console.WriteLine(String.Format("Signing Key: {0}.\n", System.Convert.ToBase64String(kha.Key)));
// SigningKey value is: y87x6+rvyCzOZTC58KmuWYhGBl9cW64GdL1evEulLSg=
// Is this the correct value?
// Compute the signature.
byte[] signature = kha.ComputeHash(policyStringBytes);
string signatureString = ToHexString(signature, true);
Console.WriteLine(String.Format("Signature: {0}.\n", signatureString));
// The computed signature value is:
// 00e98ae3199cdbfeba701f9efa66510f23f0295ab6d6f4d14202f8ef2d11956c
// But according to the aws example page it should be:
// 8afdbf4008c03f22c2cd3cdb72e4afbb1f6a588f3255ac628749a66d7f09699e
Console.WriteLine("Done.");
}
// Functions below are straight from AWSSignatureV4-S3-Sample code.
/// Compute and return the multi-stage signing key for the request.
static byte[] DeriveSigningKey(string algorithm, string awsSecretAccessKey, string region, string date, string service)
{
const string ksecretPrefix = SCHEME;
char[] ksecret = null;
ksecret = (ksecretPrefix + awsSecretAccessKey).ToCharArray();
byte[] hashDate = ComputeKeyedHash(algorithm, Encoding.UTF8.GetBytes(ksecret), Encoding.UTF8.GetBytes(date));
byte[] hashRegion = ComputeKeyedHash(algorithm, hashDate, Encoding.UTF8.GetBytes(region));
byte[] hashService = ComputeKeyedHash(algorithm, hashRegion, Encoding.UTF8.GetBytes(service));
return ComputeKeyedHash(algorithm, hashService, Encoding.UTF8.GetBytes(TERMINATOR));
}
/// Compute and return the hash of a data blob using the specified algorithm and key
static byte[] ComputeKeyedHash(string algorithm, byte[] key, byte[] data)
{
var kha = KeyedHashAlgorithm.Create(algorithm);
kha.Key = key;
return kha.ComputeHash(data);
}
/// Helper to format a byte array into string
static string ToHexString(byte[] data, bool lowercase)
{
var sb = new StringBuilder();
for (var i = 0; i < data.Length; i++)
{
sb.Append(data[i].ToString(lowercase ? "x2" : "X2"));
}
return sb.ToString();
}
}
}
I'm trying to generate the same password hash using NodeJS crypto library and C# Rfc2898DeriveBytes. The NodeJs implementation doesn't generate the same key when using the salt generated from C#. What am I doing wrong?
In C#:
public static string HashPassword(string password)
{
// random khóa
using (var rngCryp = new RNGCryptoServiceProvider())
{
var salt = new byte[SaltBytes];
rngCryp.GetBytes(salt);
// Hash the password and encode the parameters
byte[] hash = Rfc2898Deriver(password, salt, Pbkdf2Iterations, HashBytes);
return Pbkdf2Iterations + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
}
}
private static byte[] Rfc2898Deriver(string password, byte[] salt, int iterations, int outputMaxByte)
{
using (var deriveBytes = new Rfc2898DeriveBytes(password, salt))
{
deriveBytes.IterationCount = iterations;
return deriveBytes.GetBytes(outputMaxByte);
}
}
In NodeJs:
export const hash = (text, salt) => new Promise((resolve, reject) => {
crypto.pbkdf2(text, salt, iterations, bytes, 'sha256', function (err, derivedKey) {
if (err) { reject(err) }
else {
//return Pbkdf2Iterations + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
var hash = new Buffer(derivedKey).toString('base64');
var pass = `${iterations}:${salt}:${hash}`
resolve(pass);
}});})
and use like that:
var a = Buffer.from("qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq", 'base64')
var a0 = new Buffer("qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq")
var pas1 = new Buffer('AL7h8Jx4r8a8PjS5', 'base64')
hash(pas1,a0).then(pass => {
console.log("pass: ", pass)
const hashes = crypto.getHashes();
console.log(hashes); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
res.send(pass + "\n1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:RkdpgAcpijFqYgVxBCvJugMXqnt4j5f3")
})
As you see, hass pass in C# and Nodejs is different.
Node ->
1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:D19SUxg6AQxgSLe7YXISPWPvgIoR6BEw
C# ->
1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:RkdpgAcpijFqYgVxBCvJugMXqnt4j5f3
I had a very similar question and actually your findings helped me a lot.
Looks like the only problem you had is the wrong hashing algorithm that you passed to pbkdf2 function.
Looks like Rfc2898DeriveBytes uses SHA1 by default. So you should have used the smth like that in node:
crypto.pbkdf2(text, salt, iterations, bytes, 'sha1', (err, key) => {
console.log(key.toString('hex'));
});
Here i entered fix salt, you can also generate random string of 16. You can change length also instead of mine "32".
var crypto = require('crypto');
salt = '1234123412341234';
saltString = new Buffer(salt).toString('hex');
var password = 'welcome';
var nodeCrypto = crypto.pbkdf2Sync(new Buffer(password), new Buffer(saltString, 'hex'), 1000, 32, 'sha1');
var hashInHex="00"+saltString+nodeCrypto.toString('hex').toUpperCase();
var FinalHash = Buffer.from(hashInHex, 'hex').toString('base64')
console.log("saltInHex: "+saltString);
console.log("FinalHashInBase64: "+FinalHash);
To match stored hash password with user inpur password use bellow code :
// NodeJS implementation of crypto, I'm sure google's
// cryptoJS would work equally well.
var crypto = require('crypto');
// The value stored in [dbo].[AspNetUsers].[PasswordHash]
var hashedPwd = "AGYzaTk3eldHaXkxbDlkQmn+mVJZEjd+0oOcLTNvSQ+lvUQIF1u1CNMs+WjXEzOYNg==";
var hashedPasswordBytes = new Buffer(hashedPwd, 'base64');
var hexChar = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"];
var saltString = "";
var storedSubKeyString = "";
// build strings of octets for the salt and the stored key
for (var i = 1; i < hashedPasswordBytes.length; i++) {
if (i > 0 && i <= 16) {
saltString += hexChar[(hashedPasswordBytes[i] >> 4) & 0x0f] + hexChar[hashedPasswordBytes[i] & 0x0f]
}
if (i > 0 && i > 16) {
storedSubKeyString += hexChar[(hashedPasswordBytes[i] >> 4) & 0x0f] + hexChar[hashedPasswordBytes[i] & 0x0f];
}
}
// password provided by the user
var password = 'vish#123';
// TODO remove debug - logging passwords in prod is considered
// tasteless for some odd reason
console.log('cleartext: ' + password);
console.log('saltString: ' + saltString);
console.log('storedSubKeyString: ' + storedSubKeyString);
// This is where the magic happens.
// If you are doing your own hashing, you can (and maybe should)
// perform more iterations of applying the salt and perhaps
// use a stronger hash than sha1, but if you want it to work
// with the [as of 2015] Microsoft Identity framework, keep
// these settings.
var nodeCrypto = crypto.pbkdf2Sync(new Buffer(password), new Buffer(saltString, 'hex'), 1000, 256, 'sha1');
// get a hex string of the derived bytes
var derivedKeyOctets = nodeCrypto.toString('hex').toUpperCase();
console.log("hex of derived key octets: " + derivedKeyOctets);
// The first 64 bytes of the derived key should
// match the stored sub key
if (derivedKeyOctets.indexOf(storedSubKeyString) === 0) {
console.info("passwords match!");
} else {
console.warn("passwords DO NOT match!");
}
I want to add multiple query string key value pairs to an url by formatting a regular string and then appending this to the current query string. Because, in my knowledge, there is no way to change the actual Request.QueryString. Therefore I try to append the kvp:s to the query string as per below. I have searched StackOverflow, but I couldn't find an answer that matches my problem.
protected void ServiceSelectionChanged(object sender, EventArgs e)
{
var regNr = registrationNumber.Text;
var selectedServiceType = SelectedServiceType.ToString("D");
string url = string.Empty;
BookingHelpers.FormatQueryStringUrl(this.Request, "serviceType", selectedServiceType, ref url);
BookingHelpers.FormatQueryStringUrl(this.Request, "regNr", regNr, ref url);
Server.Transfer(url, false);
}
public static void FormatQueryStringUrl(HttpRequest request, string key, string value, ref string url)
{
if (string.IsNullOrEmpty(url))
{
url = request.Url.PathAndQuery;
}
if (url.Contains("?"))
{
if (url.Contains("&" + key))
{
string currentValue = request.QueryString[key];
url = url.Replace("&" + key + "=" + currentValue, "&" + key + "=" + value);
}
else
{
url = String.Format(request.Url.PathAndQuery + "&" + key + "={0}", value);
}
}
else url = String.Format(request.Url.PathAndQuery + "?" + key + "={0}", value);
}
This however uses the Request.QueryString each time, so the first kvp is overwritten. So my question is: How can I make this work so that i can append both of the key value pairs to the query string?
I found an answer on stack overflow that helped me:
How to build a query string for a URL in C#?
Although, I also needed to check if the url already had a query string in it, so i modified it to something like this.
public static string ToQueryString(string url, NameValueCollection nvc)
{
StringBuilder sb;
if (url.Contains("?"))
sb = new StringBuilder("&");
else
sb = new StringBuilder("?");
bool first = true;
foreach (string key in nvc.AllKeys)
{
foreach (string value in nvc.GetValues(key))
{
if (!first)
{
sb.Append("&");
}
sb.AppendFormat("{0}={1}", Uri.EscapeDataString(key), Uri.EscapeDataString(value));
first = false;
}
}
return url + sb.ToString();
}
And the usage instead became:
var queryParams = new NameValueCollection()
{
{ "isaServiceType", selectedIsaServiceType },
{ "regNr", regNr }
};
var url = ToQueryString(Request.Url.PathAndQuery, queryParams);
I'm trying to convert this PHP cookie parsing snippet into C#, but my PHP is a bit rusty. It's taken from a facebook SDK sample.
<?php
define('FACEBOOK_APP_ID', 'your application id');
define('FACEBOOK_SECRET', 'your application secret');
function get_facebook_cookie($app_id, $application_secret) {
$args = array();
parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);
ksort($args);
$payload = '';
foreach ($args as $key => $value) {
if ($key != 'sig') {
$payload .= $key . '=' . $value;
}
}
if (md5($payload . $application_secret) != $args['sig']) {
return null;
}
return $args;
}
$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
echo 'The ID of the current user is ' . $cookie['uid'];
?>
This is what I have so far, but its not quite right:
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
HttpCookie cookie = GetCookie();
IsLoggedIn = cookie != null;
}
private HttpCookie GetCookie()
{
// based on the php example at http://developers.facebook.com/docs/authentication/
HttpCookie cookie = Request.Cookies["fbs_" + FacebookClientId];
StringBuilder payload = new StringBuilder();
if (cookie != null)
{
foreach (string key in cookie.Values.Keys)
{
if (key != "sig")
{
payload.Append(key + "=" + cookie.Values[key]);
}
}
string sig = cookie.Values["sig"];
if (sig == GetMD5Hash(payload.ToString()))
{
return cookie;
}
}
return null;
}
public string GetMD5Hash(string input)
{
MD5CryptoServiceProvider cryptoServiceProvider = new MD5CryptoServiceProvider();
byte[] bytes = Encoding.UTF8.GetBytes(input);
bytes = cryptoServiceProvider.ComputeHash(bytes);
StringBuilder s = new StringBuilder();
foreach (byte b in bytes)
{
s.Append(b.ToString("x2").ToLower());
}
return s.ToString();
}
The one part I'm not sure about is parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);. From what I can tell its creating an array out of the trimmed cookie value. Can anyone provide some assistance?
If I'm reading it correctly:
trim($_COOKIE['fbs_' . $app_id], '\\"')
Will trim \ and " from the beginning and end of the value stored in the cookie named fbs_FACEBOOK_APP_ID (The double back-slashes escape the back-slash in a single quoted string. And trim can be told what characters to trim from the string.)
Meanwhile, parse_str then parses that as if it were a query string, into an associative array. So, I'd assume that the value of that cookie should look like a query string.
Hope this helps.
There were a few issues in my original C# version.
I forgot to include the FacebookSecret as salt in the MD5 hash.
The cookie.Value needs to be trimmed and parsed as a query string as George Marian and Alex JL explained.
The parsed cookie values need to be UrlDecoded. I guess ASP.NET UrlEncodes them when creating the Cookie object.
The default encoding should be used to create the hash, not UTF8.
Here's the working solution:
private HttpCookie GetCookie()
{
// based on the php example at http://developers.facebook.com/docs/guides/canvas/#canvas
HttpCookie cookie = Request.Cookies["fbs_" + FacebookClientId];
if (cookie != null)
{
var pairs = from pair in cookie.Value.Trim('"', '\\').Split('&')
let indexOfEquals = pair.IndexOf('=')
orderby pair
select new
{
Key = pair.Substring(0, indexOfEquals).Trim(),
Value = pair.Substring(indexOfEquals + 1).Trim()
};
IDictionary<string, string> cookieValues =
pairs.ToDictionary(pair => pair.Key, pair => Server.UrlDecode(pair.Value));
StringBuilder payload = new StringBuilder();
foreach (KeyValuePair<string, string> pair in cookieValues)
{
Response.Write(pair.Key + ": " + pair.Value + "<br/>\n");
if (pair.Key != "sig")
{
payload.Append(pair.Key + "=" + pair.Value);
}
}
string sig = cookieValues["sig"];
string hash = GetMd5Hash(payload + FacebookSecret);
if (sig == hash)
{
return cookie;
}
}
return null;
}
private static string GetMd5Hash(string input)
{
MD5CryptoServiceProvider cryptoServiceProvider = new MD5CryptoServiceProvider();
byte[] bytes = Encoding.Default.GetBytes(input);
byte[] hash = cryptoServiceProvider.ComputeHash(bytes);
StringBuilder s = new StringBuilder();
foreach (byte b in hash)
{
s.Append(b.ToString("x2"));
}
return s.ToString();
}