Questions tagged [hmac]
In cryptography, HMAC (Hash-based Message Authentication Code) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key.
hmac
1,456
questions
121
votes
5
answers
112k
views
HMAC-SHA1 in bash
Is there a bash script to generate a HMAC-SHA1 hash?
I'm looking for something equivalent to the following PHP code:
hash_hmac("sha1", "value", "key");
- 68.5k
94
votes
9
answers
232k
views
HMAC-SHA256 Algorithm for signature calculation
I am trying to create a signature using the HMAC-SHA256 algorithm and this is my code.
I am using US ASCII encoding.
final Charset asciiCs = Charset.forName("US-ASCII");
final Mac ...
- 1,341
75
votes
6
answers
118k
views
How can I generate a HmacSHA256 signature of a string
Is there any way to create a HmacSHA256 signature of a string in php?
- 26.3k
66
votes
2
answers
48k
views
What's the difference between Message Digest, Message Authentication Code, and HMAC?
My understanding of a message digest is that it's an encrypted hash of some data sent along with the encrypted data so you may verify that the data has not been tampered with. What is the difference ...
- 22.9k
63
votes
8
answers
59k
views
Objective-C sample code for HMAC-SHA1 [closed]
I need to generate HMAC-SHA1 in Objective C. But i didnt find anything that works. I tried with CommonCrypto, using CCHMAC, but didnt works. I need to generate a hmac and after generate HOTP number.
...
- 741
62
votes
11
answers
64k
views
How to send password securely via HTTP using Javascript in absence of HTTPS?
The very basic issue all developers face: Whenever user submits the form, the password is sent via network and it must be protected. The site I develop for doesn't have HTTPS. Neither does the owner ...
- 18.1k
61
votes
5
answers
73k
views
HMAC-SHA1: How to do it properly in Java?
I'm hashing some values using HMAC-SHA1, using the following code in Java:
public static String hmacSha1(String value, String key) {
try {
// Get an hmac_sha1 key from the raw key bytes
...
- 68.5k
58
votes
8
answers
81k
views
Implementation HMAC-SHA1 in python
I am trying to use the OAuth of a website, which requires the signature method to be 'HMAC-SHA1' only.
I am wondering how to implement this in Python?
- 10.1k
57
votes
3
answers
69k
views
How to generate HMAC-SHA1 in C#?
I am trying to make use of a REST API using C#. The API creator has provided sample libraries in PHP, Ruby and Java. I am getting hung up on one part of it where I need to generate an HMAC.
Here's ...
- 74.9k
54
votes
4
answers
51k
views
Python3 and hmac . How to handle string not being binary
I had a script in Python2 that was working great.
def _generate_signature(data):
return hmac.new('key', data, hashlib.sha256).hexdigest()
Where data was the output of json.dumps.
Now, if I try ...
52
votes
2
answers
58k
views
How to generate an HMAC in Java equivalent to a Python example?
I'm looking at implementing an app getting Twitter authorization via Oauth in Java. The first step is getting a request token. Here is a Python example for app engine.
To test my code, I am running ...
- 20.6k
51
votes
7
answers
44k
views
java equivalent to php's hmac-SHA1
I'm looking for a java equivalent to this php call:
hash_hmac('sha1', "test", "secret")
I tried this, using java.crypto.Mac, but the two do not agree:
String mykey = "secret";
String test = "test";
...
- 14.3k
48
votes
3
answers
32k
views
HMAC vs simple MD5 Hash
Can anyone point out what the advantage of using HMАC is?
For example, if I have a text T and a key K, I can use either HMAC-MD5 algorithm or Md5(T + K) to get a signature.
- 84.7k
46
votes
5
answers
43k
views
Crypto algorithm list
I'm trying to find a list of strings that can be used a a crypto algorithm to fit into this function, replacing SHA256.
crypto.createHmac("SHA256", secret).update(string).digest('base64'),
I've come ...
- 57.2k
39
votes
4
answers
71k
views
Compute HMAC-SHA512 with secret key in java
I want to exactly build a function which produces a HMAC with a secret key like this site provides:
http://www.freeformatter.com/hmac-generator.html
The Java 8 lib only provides MessageDigest and ...
- 1,609
39
votes
1
answer
58k
views
How Do Hardware Token Devices work? [closed]
Recently, my bank sent me this tiny device that generates a unique code that must be used when performing online transactions, all the device does is generate this unique code when I press a ...
- 1,062
37
votes
2
answers
75k
views
Python encoded message with HMAC-SHA256
I try to encoded message with HMAC-SHA256 in Python according to [instructions][1]
import hmac
import hashlib
nonce = 1234
customer_id = 123232
api_key = 2342342348273482374343434
API_SECRET = ...
- 701
37
votes
3
answers
31k
views
C# equivalent to hash_hmac in PHP
using .NET and C# i need to provide an integrity string using HMAC SHA512 to a PHP server .
Using in C# :
Encoding encoding = Encoding.UTF8;
byte[] keyByte = encoding.GetBytes(key);
HMACSHA512 ...
- 415
34
votes
3
answers
15k
views
Using HMAC-SHA1 for API authentication - how to store the client password securely?
In a RESTful API that uses S3-style authentication, the API client signs the request with his secret key using HMAC-SHA1, so the secret key is never transmitted over the wire.
The server then ...
- 3,120
33
votes
5
answers
78k
views
How to use SHA256-HMAC in python code?
I am taking message and key from this URL
import hmac
import hashlib
import base64
my = "/api/embedded_dashboard?data=%7B%22dashboard%22%3A7863%2C%22embed%22%3A%22v2%22%2C%22filters%22%3A%5B%7B%...
- 2,114
31
votes
4
answers
28k
views
Using HMAC SHA256 in Ruby
I'm trying to apply HMAC-SHA256 for generate a key for an Rest API.
I'm doing something like this:
def generateTransactionHash(stringToHash)
key = '123'
data = 'stringToHash'
digest = OpenSSL::...
- 859
29
votes
4
answers
133k
views
How can I decrypt a HMAC?
I can make an HMAC using the following:
var encrypt = crypto.createHmac("SHA256", secret).update(string).digest('base64');
I am trying to decrypt an encoded HMAC with the secret:
var decrypt = ...
- 57.2k
28
votes
2
answers
18k
views
Is there any function for creating Hmac256 string in android?
Is there any function for creating Hmac256 string in android ?
I am using php as my back end for my android application, in php we can create hmac256 string using the php function hash_hmac () [ ref ]...
- 8,313
28
votes
6
answers
13k
views
How much can you truncate a SHA1 hash and be reasonably sure of having an unique ID?
I am making an application that stores documents and gives each one a UID based on a SHA1 digest of a few things including the timestamp. The digest has a lot of characters, and I want to allow users ...
- 44.7k
25
votes
2
answers
10k
views
Is HMAC necessary if all API calls are made through https?
If all api calls are sent through https, does HMAC add any extra security? For example, in oauth 2, the client sends its secret key to the provider without any hashing whatsoever. Is this considered ...
24
votes
1
answer
24k
views
How do I sign a POST request using HMAC-SHA512 and the Python requests library?
I'm trying to use Python to access the trading API at poloniex.com, a cryptocurrency exchange. To do this I must follow this prescription:
All calls to the trading API are sent via HTTP POST to ...
- 271
24
votes
3
answers
20k
views
Generate a 10-digit TOTP password with a certain key
This problem is related to TOTP as specified in RFC6238 here: https://www.rfc-editor.org/rfc/rfc6238#section-1.2.
I am to implement the RFC6238 to generate a 10-digit TOTP password, which will be used ...
- 375
23
votes
4
answers
13k
views
PBKDF2-HMAC-SHA2 test vectors
There are test vectors for PBKDF2-HMAC-SHA1 in RFC6070. There are test vectors for HMAC-SHA2 in RFC4231.
But so far I haven't found test vectors for PBKDF2-HMAC-SHA2 anywhere.
I'm most interested in ...
- 7,089
23
votes
1
answer
26k
views
How to create a Json Web Token (JWT) using OpenSSL shell commands?
I'm trying to create a JSON Web Token (JWT) using command line utilities on MacOS and hitting a snag with the signing portion.
I was greatly inspired by this gist: https://gist.github.com/indrayam/...
- 566
21
votes
1
answer
30k
views
How to generate HMAC-SHA256 in .Net Core?
I am using this page to generate some test HMAC-SHA256 hashes for some texts:
https://www.liavaag.org/English/SHA-Generator/HMAC/
However, when I try to use the approach in this MSDN guide in my ....
- 15.7k
21
votes
1
answer
17k
views
How does one generate an HMAC string in Elixir?
I'm attempting to write an Amazon Product Advertising API client in Elixir. The developer guide describes the process for signing an API request in which the an HMAC-SHA26 hash must be created using ...
- 309
20
votes
2
answers
31k
views
Generate HMAC SHA256 signature Python
Trying to generate HMAC SHA256 signature for 3Commas, I use the same parameters from the official example, it should generate:
"30f678a157230290e00475cfffccbc92ae3659d94c145a2c0e9d0fa28f41c11a"
But I ...
- 203
19
votes
3
answers
19k
views
xcode ios HMAC SHA 256 hashing
So I'm trying to figure out how to do a hmacshad256 hash on ios as that's the hash I did for the wcf service api I made. I've been trying to look for some info about it but would usually just end up ...
- 2,734
19
votes
3
answers
23k
views
Difference between HMACSHA256 and HMACSHA512
We are using the below code to generate a HMac hash against a sensitive value in C#
public string GenerateHMac(string key, string message)
{
var decodedKey = Convert.FromBase64String(key);
...
- 5,764
18
votes
3
answers
49k
views
basics of python encryption w/ hashlib sha1
I'm struggling to fully understand how encryption works and is coded, particularly with python. I'm just trying to get the basics down and create code in the simplest form.
I'm going to be passing a ...
- 3,518
16
votes
4
answers
18k
views
HMAC SHA256 in Swift 4
I have a string and a key, which i want to generate an HMAC SHA256 from it. Although i'm using 2 libs
IDZSwiftCommonCrypto and CryptoSwift
and this answer
Nothing really worked for me. My source of ...
- 2,884
16
votes
2
answers
3k
views
Why does encrypting HMAC-SHA1 in exactly the same code in C# and PowerShell show different results?
I've been trying to encrypt a Amazon S3-like authorization key with HMAC-SHA1 in PowerShell with the following code:
$str="PUT\n\napplication/x-zip-compressed\nThu, 09 Feb 2017 08:59:43 GMT\n/test-...
- 211
16
votes
2
answers
9k
views
React-Native + crypto : How to generate HMAC in React-Native?
I have tried crypto, which obviously doesn't work because it depends on node running. So, I turned to crypto-browserify, but I believe there are dependency issues. If anyone could help, I'd be much ...
- 541
15
votes
2
answers
19k
views
Need to generate HMAC SHA256 hash in Objective C as in Java
I need to generate a hash using HMAC SHA256. I am using the following code in Java. I need an equivalent code in Objective-C.
javax.crypto.Mac mac = javax.crypto.Mac.getInstance(type);
javax.crypto....
- 1,242
15
votes
1
answer
23k
views
Confused how to use AES and HMAC
I'm a little bit confused how to use AES and HMAC (based on SHA-256) in a proper way when transmitting the encrypted message from server to client or vice versa
Correct me please if the following ...
- 860
15
votes
1
answer
18k
views
Create OAuth Signature with HMAC-SHA1 Encryption returns HTTP 401
The Question
I need to authenticate to an API which needs OAuth encryption.
I'm in the right direction but I am sure something is wrong with my signature base string. Since the HMACSHA1 Hash is based ...
- 2,853
13
votes
3
answers
4k
views
Why is ComputeHash not acting deterministically?
I've run into an interesting issue.. It seems that ComputeHash() for a "HMACSHA256" hash is not behaving deterministically.. if I create two instances of HashAlgorithm using HashAlgorithm.Create("...
- 1,710
13
votes
3
answers
16k
views
AES256 CBC + HMAC SHA256 ensuring confidentiality *and* authentication?
I'm thinking of using AES256 CBC + HMAC SHA-256 as a building block for messages that ensures both confidentiality and authentication.
In particular, consider this scenario:
Alice is possession a ...
- 3,448
13
votes
3
answers
32k
views
HMAC authentication via Postman
I'm using an example for setting up HMAC authentication for a Web API project. The original example source code/project is available here:
http://bitoftech.net/2014/12/15/secure-asp-net-web-api-...
- 776
13
votes
3
answers
7k
views
HMAC security - Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?
Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?
- 12.2k
13
votes
1
answer
39k
views
JWT Token Invalid Signature [duplicate]
I am using JWT in my application for login authentication process.
To generate the token I am using:
Jwts.builder().setSubject(username).signWith(SignatureAlgorithm.HS512, MacProvider.generateKey())...
- 483
12
votes
2
answers
22k
views
Generate a strong HMACSHA256 key in C#
I'm looking to implement HMACSHA256 request signing in an API I'm building. From what I understood from https://www.rfc-editor.org/rfc/rfc4868, it's best that the secret key be the same number of bits ...
- 39.9k
12
votes
2
answers
29k
views
Why base64 a sha1/sha256 hash?
can anybody tell me why amazon want a base64 of the hmac-sha1/sha256 hash?
http://docs.amazonwebservices.com/AmazonSimpleDB/latest/DeveloperGuide/HMACAuth.html
I know that base64 is to represent ...
- 931
12
votes
2
answers
6k
views
Ruby and PHP HMACs not agreeing
I'm trying to create an HMAC in Ruby and then verify it in PHP.
Ruby:
require 'openssl'
message = "A522EBF2-5083-484D-99D9-AA97CE49FC6C,1234567890,/api/comic/aWh62,GET"
key = "3D2143BD-6F86-449F-...
- 9,295
12
votes
1
answer
16k
views
Why the hashlib and hmac are generating different hash values?
In Python 2.7,
my = "my"
key = "key"
print(hashlib.sha256(my + key).hexdigest())
print(hmac.new(my, key, hashlib.sha256).hexdigest())
output,
...
- 121