I am trying to make use of a REST API using C#.
The API creator has provided below pseudo code for hmac creation.
var key1 = sha1(body);
var key2 = key1 . SECRET_KEY;
var key3 = sha1(key2);
var signature = base64_encode(key3);
In the above pseudo code , body is html request body string , and SECRET_KEY
is the secret key provided by REST API provider.
As per my knowledge , I need to use System.Security.Cryptography.HMACSHA1 class
to implement this.
But am not able to completely implement above logic in C#.
Any suggestions ?
Direct mapping of above code to C# would be something like:
static string ComputeSignature(byte[] body, byte[] secret) {
using (var sha1 = SHA1.Create())
{
var key1 = sha1.ComputeHash(body);
var key2 = key1.Concat(secret).ToArray();
var key3 = sha1.ComputeHash(key2);
return Convert.ToBase64String(key3);
}
}
If you have request body as a string, convert it to byte array using proper encoding, for example:
var body = Encoding.UTF8.GetBytes(bodyAsString);
If you have your secret as string - that depends on how api developer expects it to be converted to byte array. Most likely it's already HEX or base64-encoded string.
The issue to make it work in c# is that you need to take the hex format into consideration and then in some cases for it to work the final result should be lower case (example if you're using this for a quickblox api or something)
private string GetHashedMessage(String _secret)
{
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(_secret);
String _message= "Your message that needs to be hashed";
HMACSHA1 hmacsha1 = new HMACSHA1(keyByte);
byte[] messageBytes = encoding.GetBytes(_message);
byte[] hashmessage = hmacsha1.ComputeHash(messageBytes);
return ByteToString(hashmessage).ToLower();
}
public string ByteToString(byte[] buff)
{
string sbinary = "";
for (int i = 0; i < buff.Length; i++)
{
sbinary += buff[i].ToString("X2"); // hex format
}
return (sbinary);
}
reference: http://billatnapier.com/security01.aspx
Related
I have a javascript backend that use CryptoJS to generate a hash, I need to generate the same hash on C# Client but can't reproduce the same result than javascript.
The backend code are this:
function generateHash (str, cypherkey) {
return CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(str, CryptoJS.enc.Base64.parse(cypherkey)))
}
console.log(generateHash("testString", "UTI5dVozSmhkSE1zSUhsdmRTZDJaU0JtYjNWdVpDQnBkQ0VnUVhKbElIbHZkU0J5WldGa2VTQjBieUJxYjJsdUlIVnpQeUJxYjJKelFIZGhiR3hoY0c5d0xtTnZiUT09"))
And print: "FwdJUHxt/xSeNxHQFiOhmPDRh73NFfuWK7LG6ssN9k4="
Then when I try to do the same on my C# client with this code:
public static string generateHash(string str, string cypherkey)
{
var keyenc = new System.Text.ASCIIEncoding();
byte[] keyBytes = keyenc.GetBytes(cypherkey);
var key = BitConverter.ToString(keyBytes);
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(key);
byte[] messageBytes = encoding.GetBytes(str);
using (var hmacsha256 = new HMACSHA256(keyByte))
{
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
return Convert.ToBase64String(hashmessage);
}
}
Print other result: "SiEjJASvYWfO5y+EiSJAqamMcUyBSTDl5Sy1zXl1J/k="
The problem are on the process to convert to Base64 the cypherkey, probably it's wrong.
Anyone know how can solve this?
Greetings and a lot of thanks ^^
I haven't seen the source of CryptoJs so there are assumptions here (from method names, encoding, etc):
public static string generateHash(string str, string cypherkey)
{
// based on CryptoJS.enc.Base64.parse
byte[] keyBytes = System.Convert.FromBase64String(cypherkey);
using (var hmacsha256 = new HMACSHA256(keyBytes))
{
byte[] hashmessage = hmacsha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(str));
return Convert.ToBase64String(hashmessage);
}
}
Result:
FwdJUHxt/xSeNxHQFiOhmPDRh73NFfuWK7LG6ssN9k4=
Hth
I'm familiar with python and very new to C#.
I'm trying to convert a python code to C# code, which is not going well
Here is part of my python code:
def make_signature(uri, access_key):
secret_key = "****" # secret key (from portal or sub account)
secret_key = bytes(secret_key, 'UTF-8')
method = "POST"
message = method + " " + uri + "\n" + timestamp + "\n" + access_key
message = bytes(message, 'UTF-8')
signingKey = base64.b64encode(hmac.new(secret_key, message, digestmod=hashlib.sha256).digest())
and I tried to convert it by this C# code:
using (HMACSHA256 sha = new HMACSHA256(hmac_key))
{
var bytes = Encoding.UTF8.GetBytes(messageRaw);
string base64 = Convert.ToBase64String(bytes);
var message = Encoding.UTF8.GetBytes(base64);
// encode
var hash = sha.ComputeHash(message);
// base64 convert
return Convert.ToBase64String(hash);
}
I found out that these two code make different outputs despite of their same inputs.
Could anyone let me know how to convert it correctly?
To convert to Base64, you can use this:
public static string Base64Encode(string plainText)
{
var plainTextBytes = System.Text.Encoding.ASCII.GetBytes(plainText);
return System.Convert.ToBase64String(plainTextBytes);
}
And to convert back!
public static string Base64Decode(string base64EncodedData)
{
var base64EncodedBytes = System.Convert.FromBase64String(base64EncodedData);
return System.Text.Encoding.ASCII.GetString(base64EncodedBytes);
}
I am using RichTextBox for this example:
richTextBox1.Text = Base64Encode(richTextBox1.Text);, Convert TO Base64
richTextBox1.Text = Base64Decode(richTextBox1.Text);, Convert FROM Base64
You can change the ASCII Encoding to UTF-8, or any Encoding that Visual Studio offers :)
You don't necessarily HAVE to use a public static string, you can just take the code out and put it into buttons or MenuStrip Items
Now, prior to your question, here:
public static string Base64Encode(string plainText)
{
var plainTextBytes = System.Text.Encoding.ASCII.GetBytes(plainText);
var 1base64 = System.Convert.ToBase64String(plainTextBytes);
var 2base64 = System.Text.Encoding.ASCII.GetBytes(1base64);
return System.Convert.ToBase64String(2base64); //This is the double encryption :)
}
I hope this helps you :)
I have this C# code:
public static string Encript(string strData)
{
string hashValue = HashData(strData);
string hexHashData = ConvertStringToHex(hashValue);
return hexHashData;
}
public static string HashData(string textToBeEncripted)
{
//Convert the string to a byte array
Byte[] byteDataToHash = System.Text.Encoding.Unicode.GetBytes(textToBeEncripted);
//Compute the MD5 hash algorithm
Byte[] byteHashValue = new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(byteDataToHash);
return System.Text.Encoding.Unicode.GetString(byteHashValue);
}
public static string ConvertStringToHex(string asciiString)
{
string hex = "";
foreach (char c in asciiString)
{
int tmp = c;
hex += String.Format("{0:x2}", (uint) System.Convert.ToUInt32(tmp.ToString()));
}
return hex;
}
Here you can see an online version.As you can see for the string "test" I get the output "5c82e9e41c7599f790ef1d774b7e6bf"
And this is what I tried on php side
$a = "test";
$a = mb_convert_encoding($a, "UTF-16LE");
$a = md5($a);
echo $a;
But the value of the php code is "c8059e2ec7419f590e79d7f1b774bfe6".Why is not working?
Edit:Looks like the C# code is incorrect and needs to be replaced
The correct MD5 hash for 'test' is '098f6bcd4621d373cade4e832627b4f6' in PHP.
I tested it with this code in C#
public static string CreateMD5(string input)
{
// Use input string to calculate MD5 hash
using (System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create())
{
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
byte[] hashBytes = md5.ComputeHash(inputBytes);
// Convert the byte array to hexadecimal string
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hashBytes.Length; i++)
{
sb.Append(hashBytes[i].ToString("X2"));
}
return sb.ToString();
}
}
It will generate the same hash as PHP will, without the 'convert encoding' method you are using.
I believe converting the encoding is what is giving you a different answer, try it without
$a = mb_convert_encoding($a, "UTF-16LE");
The problem is that you are converting the result incorrectly in your C# code. If you put a breakpoint in the code after you call ComputeHash, and examine the value of byteHashValue, you'll see that it's c8059e2e....
Or, just add this code to your ComputeHash method:
Console.WriteLine(BitConverter.ToString(byteHashValue));
I would suggest rewriting your code to be:
public static string Encript(string strData)
{
string hashValue = HashData(strData);
return hashValue;
}
public static string HashData(string textToBeEncripted)
{
//Convert the string to a byte array
Byte[] byteDataToHash = System.Text.Encoding.Unicode.GetBytes(textToBeEncripted);
//Compute the MD5 hash algorithm
Byte[] byteHashValue = new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(byteDataToHash);
return BitConverter.ToString(byteHashValue).Replace("-", "");
}
Oh, and a side note: the word is "Encrypt," not "Encript."
The problem in your case is not the encoding, but your conversion to string on the C# side. As long as you use the same encoding everywhere, it should work as expected. But note, that most of the online hashers use ASCII encoding, whereas you use System.Text.Encoding.Unicode which is UTF-16, thus the results will differ from the online encoders.
The code below will give the same result as your PHP snippet (ie c8059e2ec7419f590e79d7f1b774bfe6)
public static void Main(string[] args)
{
string a = "test";
string en = HashData(a);
Console.WriteLine(en);
}
public static string HashData(string textToBeEncripted)
{
Byte[] byteDataToHash = System.Text.Encoding.Unicode.GetBytes(textToBeEncripted);
Byte[] byteHashValue = new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(byteDataToHash);
System.Text.StringBuilder s = new System.Text.StringBuilder();
foreach (var b in byteHashValue)
s.Append(b.ToString("x2"));
return s.ToString();
}
If you use System.Text.Encoding.ASCII instead, you will get 098f6bcd4621d373cade4e832627b4f6 as suggested in other answers. But then you'll have to use ASCII encoding in your PHP code as well.
This is because with UTF16 every character is represented by two bytes, and not only by one. Thus the byteDataToHash will have twice the size ([116, 0, 101, 0, 115, 0, 116, 0] vs [116, 101, 115, 116] in your case). And a different bytevector of course leads to a different hashvalue. But as said above, as long as all included components use the same encoding, it does not really matter which one you use.
Ive spent quite a bit of time now trying access a api from C# and gotten to the point that my parameters seems to get through but the api is saying signature mismatch. So given the example code below in NodeJs, how should I be creating the signature in C#?
var nonce=Math.round(new Date(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate(), now.getUTCHours(), now.getUTCMinutes(), now.getUTCSeconds()).getTime()/1000);
var key='Your api key';
var secret='Your api secret';
var client_id='Your client id';
var path='/ac_balance'; // /ac_balance /my_pending_orders /cancel_order
var signature_data=nonce+key+client_id;
var hmac = crypto.createHmac('sha256', secret); // crypto is a module to encrypt data
hmac.write(signature_data);
hmac.end();
var signature = new Buffer(hmac.read()).toString('base64');
// if path='/ac_balance'
request.post({url:'https://api.somewebsite.com'+path, form: {key:key,nonce:nonce,signature:signature}}, function(err,httpResponse,body){ });
This is the code I use to create the signature with in C#:
var data = nounce + key + clientId;
var signature = CreateToken(data, secret);
...
private string CreateToken(string message, string secret)
{
secret = secret ?? "";
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
using (var hmacsha256 = new HMACSHA256(keyByte))
{
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
return Convert.ToBase64String(hashmessage);
}
}
I am playing around implementing an API. Usually that is really simple, but this one gives me problems. However, I am pretty sure the problem is me, and not the API.
Url to this specific API:
https://www.bitstamp.net/api/
I want to make POST call to the "Account balance". Currently I get the following answer:
{"error": "Missing key, signature and nonce parameters"}
and I try to do it with the following code:
var path = "https://www.bitstamp.net/api/user_transactions";
var nonce = GetNonce();
var signature = GetSignature(nonce);
using (WebClient client = new WebClient())
{
byte[] response = client.UploadValues(path, new NameValueCollection()
{
{ "key", Constants.ThirdParty.BitStamp.ApiKey },
{ "signature", signature },
{ "nonce", nonce},
});
var str = System.Text.Encoding.Default.GetString(response);
}
return 0.0m;
This is my two helper functions:
private string GetSignature(int nonce)
{
string msg = string.Format("{0}{1}{2}", nonce,
Constants.ThirdParty.BitStamp.ClientId,
Constants.ThirdParty.BitStamp.ApiKey);
return HelperFunctions.sign(Constants.ThirdParty.BitStamp.ApiSecret, msg);
}
public static int GetNonce()
{
return (int) (DateTime.Now - new DateTime(1970, 1, 1)).TotalSeconds;
}
My crypto sign function is this one:
public static String sign(String key, String stringToSign)
{
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(key);
HMACSHA256 hmacsha256 = new HMACSHA256(keyByte);
return Convert.ToBase64String(hmacsha256.ComputeHash(encoding.GetBytes(stringToSign)));
}
Any idea why i get the "missing key" error? Is there something obvious I am doing wrong (probably is :) )?
Edit:
Fiddler tells me I post the following data:
key=mykeymykey&signature=PwhdkSek6GP%2br%2bdd%2bS5aU1MryXgrfOD4fLH05D7%2fRLQ%3d&nonce=1382299103%2c21055
Edit #2:
Updated code on generating the signature:
private string GetSignature(int nonce)
{
string msg = string.Format("{0}{1}{2}", nonce,
Constants.ThirdParty.BitStamp.ClientId,
Constants.ThirdParty.BitStamp.ApiKey);
return HelperFunctions.ByteArrayToString(HelperFunctions.SignHMACSHA256(
Constants.ThirdParty.BitStamp.ApiSecret, msg)).ToUpper();
}
public static byte[] SignHMACSHA256(String key, byte[] data)
{
HMACSHA256 hashMaker = new HMACSHA256(Encoding.ASCII.GetBytes(key));
return hashMaker.ComputeHash(data);
}
public static byte[] StrinToByteArray(string str)
{
byte[] bytes = new byte[str.Length * sizeof(char)];
System.Buffer.BlockCopy(str.ToCharArray(), 0, bytes, 0, bytes.Length);
return bytes;
}
public static string ByteArrayToString(byte[] ba)
{
return BitConverter.ToString(ba).Replace("-", "");
}
I think that the problem is that you are using base64 (Convert.ToBase64String), but in the relevant section of the API docs, it is written:
Signature is a HMAC-SHA256 encoded message containing: nonce, client ID and API key. The
HMAC-SHA256 code must be generated using a secret key that was generated with your API key.
This code must be converted to it's hexadecimal representation (64 uppercase characters).
So you have to convert the byte array to a hexadecimal string. See this question to get some examples of how to do it.