Layer7 API Management

Expand all | Collapse all

Getting Two different results for HmacSHA256

  • 1.  Getting Two different results for HmacSHA256

    Posted 05-21-2018 07:48 PM

    Hi,

     

    While computing hashing I am getting two different values when retrieving the source from the decoded part 

    As below when I decode the payload and refer the decoded payload in the hashing assertion I am getting a different value and when I am hardcoding the decoded part directly in the hash assertion I am getting the different value.

     

    The value which I am getting while hardcoding is correct according to the client

     

    Please find the below screenshot for reference for decoding the encoded part and then using the decoded value in the hash assertion

     

     

     

    Scenario 2

    Hard coding the decoded part directly in the hash Assertion as shown below. In this Step, I am getting the correct value.

     

     

     

     

    Please help on this



  • 2.  Re: Getting Two different results for HmacSHA256

    Posted 05-21-2018 08:18 PM

    Hi Ifran, do you mind posting the whole base64 encoded string here. 

     

    There can be some differences with whitespace, CR/LF vs LF and trailing spaces.  But if you start with b64encoded that should be unambiguious.

     

    You could also base64 encode the working string, and then do a compare of that vs the one that is failing. 

     

    Cheers - Mark



  • 3.  Re: Getting Two different results for HmacSHA256

    Posted 05-22-2018 03:21 PM

    It would be great if someone can help me on this.

     

    The String payload is attached in the comments.

     

     

    Thanks



  • 4.  Re: Getting Two different results for HmacSHA256

    Posted 05-23-2018 07:37 PM

    Hello Team,

     

    Please help on this.

     

    Thanks,



  • 5.  Re: Getting Two different results for HmacSHA256

    Posted 05-23-2018 11:19 PM

    Hi mugir01,

     

    If you decode the original base64 text in notepad++ and enable "Show all characters", you will notice there are missing 'LF' characters in some lines (Line 5 and Line 7), hence the different signature hash.

     

    Regards,
    Shawn



  • 6.  Re: Getting Two different results for HmacSHA256

    Posted 05-23-2018 11:36 PM

    Hello,

     

     

     

     

    Thank you for your help.

     

     

     

     

    Please let me know if there is any workaround.

     

     

     

     

     

     

    Thanks,



  • 7.  Re: Getting Two different results for HmacSHA256

    Posted 05-27-2018 10:37 PM

    Hi Ifran, somehow I can't see those comments with the data, but as Shawn pointed out, the text is different so the hash of each will give different answer.   

     

    To be identical they need to match every character in both documents, any difference and that includes CR/LF vs LF will give a difference hash value.

     

    Usually if the source is the same then that is not a problem, but if there is some difference in CR/LF vs LF, then that must be being added/removed in one of the steps that is handling the document - you probably need to check each step to find out where you lost them.

     

    It may also be possible, if you don't care about  CR/LF vs LF to so some replace/remove of all the CR in the document before you do the hash - but generally you wouldn't need to do this .

     

    Cheers - Mark