Currently on my SAPUI5 project, I am creating a HMAC encoded string with this line of code:
var secretKey = CryptoJS.enc.Hex.parse('SECRETKEY'); //USING THE CRYPTOJS LIBRARY!var hash = CryptoJS.HmacSHA256('abc', secretKey);hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
I am using the CryptoJS library to execute this code in UI5.
However the problem is that I am receiving the wrong HMAC encoded string when I want to do the same in ABAP. After testing a few times, it seems like the encoding (in abap) is wrong before the HMAC is calculated.
Is there a function module that does 'CryptoJS.enc.Hex.parse()' - after googling what it does it interprets the parameter as encoded and converts it into a word array:
DATA: lv_sign_key_x TYPE xstring, lv_hmac_result TYPE string.DATA(lv_binary_secret) = cl_abap_hmac=>string_to_xstring('SECRETKEY').cl_abap_hmac=>calculate_hmac_for_char( EXPORTING if_algorithm = 'SHA256' "Hash Algorithm if_key = lv_binary_secret "HMAC Key if_data = 'abc' "Data IMPORTING ef_hmacb64string = lv_hmac_result "HMAC value as base64-encoded string).
I've been learning about cryptography lately and how slow hashes are the best to prevent brute-force attacks. I tried using SHA-256 in C++ implemented from this resource, which is fantastic, but it's very very fast. I changed up one of my brute-force programs to search for the SHA-256 hash of the password to see if we got a match, and it didn't take as long as I could've hoped. Currently with the (relatively very slow) brute force program I made myself, we get a table like this:
Password | runtime plaintext | passwords/sec plaintext | runtime SHA-256 | passwords/sec SHA-256 zzz | 1.18 seconds | 149,985 | 6.2 seconds | 28,564
Obviously, a skilled attacker would have a program that guesses more than 28,000 passwords/second at max speed. I tried using Bcrypt from OpenWall, but I couldn't find any good documentation on how to use it in my actual program!
Is there any way to slow down my hashing method, or should I use another way to hash in C++? If the latter, please let me know which resources you think could help me - I'm just starting out in cryptography and don't know much. Thanks!!!
I'm trying to generate HMAC of a message. The algo for HMAC generation is SHA256. The issue is i have a base64 encoded key(shared secret). How can i decode this secret to get the required hmac
var hmac = require('crypto').createHmac('SHA256', "SOME_BASE64_ENCODED_SHARED_SECRET").update("MESSAGE").digest('base64');
This hmac is sent to a java service. The way it does hmac generation is as follows:
Mac mac = Mac.getInstance("HmacSha256");SecretKey sharedKey = new SecretKeySpec(Base64.getDecoder().decode("SOME_BASE64_ENCODED_SHARED_SECRET"), "TlsPremasterSecret");mac.init(sharedKey);byte messageBytes = "MESSAGE".getBytes("UTF-8");byte expectedHmac = mac.doFinal(messageBytes);String hmac = Base64.getEncoder().encodeToString(expectedHmac));
Now, the HMACs generated by my nodejs code does not match with Java service code. How do i solve this problem?
I need to generate a HmacSHA256 signature using python with the following parameters to the signature:
merchantId = "testMerchantExample"apiHost = "apitest.example.com" apiUrl = "/v1/example?startDate=2019-07-01&organizationId=" + merchantId keyId = "KeyIdHere"keyString = "KeyStringHere"signatureParams = "host: "+apiHost+"\n" + "date: " + date + "\n" + "(request-target): get "+apiUrl+"\n" + "merchant-id: " + merchantId
These parameters need to then be passed into the function to generate the SHA256 signature.
I dont know how to do this in Python 2.7, I have seen some examples generating signatures etc. But none with these parameters. They use the following python libs:
import hmac import hashlib
Any help would be appreciated.
Here is code that I found online, it works and generated the signature correctly yay:
import hmacimport hashlib import binasciidef create_sha256_signature(key, message): byte_key = binascii.unhexlify(key) message = message.encode() return hmac.new(byte_key, message, hashlib.sha256).hexdigest().upper()
I am generating HMAC-SHA256 in Java. If the key is set to "" then The following exception is thrown:
java.lang.IllegalArgumentException: Empty key
CryptoJS.HmacSHA256("Sample Text", "") method in CryptoJS. In Java a space is also accepted as key but empty key is not accepted.
Is it possible to use empty key in Java?