Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Node & python don't return the same hash256

Tags:

My NodeJS & Python scripts don't return the same hash, what could cause this issue?

Node.js

const { createHmac } = require("crypto");
var message = 'v1:1583197109:'
var key = 'Asjei8578FHasdjF85Hfjkasi875AsjdiAas_CwueKL='
const digest = Buffer.from(key, "base64");
const hash = createHmac("sha256", digest)
  .update(message)
  .digest("hex");

console.log(hash)
> 7655b4f816dc7725fb4507a20f2b97823979ea00b121c84b76924fea167dcaf7

Python3

message = 'v1:1583197109:'
key = 'Asjei8578FHasdjF85Hfjkasi875AsjdiAas_CwueKL=' + '=' #add a "=" to avoid incorrect padding
digest = base64.b64decode(key.encode('utf-8'))
hash_ = hmac.new(digest, message.encode('utf-8'), hashlib.sha256)
hash_result = hash_.hexdigest()
print(hash_result)
> c762b612d7c56d3f9c95052181969b42c604c2d41b7ce5fc7f5a06457e312d5b

I guess it could be the extra = to avoid the incorrect padding but my key ends with a single =.

like image 405
jjyoh Avatar asked Mar 03 '20 10:03

jjyoh

1 Answers

Node.js Buffer.from(..., 'base64') can consume the input in the "urlsafe" base64 (https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings), and _ is not a valid Base64 character for python, while it is for node.

Adding altchars that correspond to the "urlsafe" version of Base64 to python code yields equal hashes.

const { createHmac } = require("crypto");
var message = 'v1:1583197109:'
var key = 'Asjei8578FHasdjF85Hfjkasi875AsjdiAas_CwueKL='

const digest = Buffer.from(key, "base64");
const hash = createHmac("sha256", digest)
  .update(message)
  .digest("hex");

console.log(hash) // 7655b4f816dc7725fb4507a20f2b97823979ea00b121c84b76924fea167dcaf7

message = 'v1:1583197109:'
key = 'Asjei8578FHasdjF85Hfjkasi875AsjdiAas_CwueKL=' + '=' #add a "=" to avoid incorrect padding
digest = base64.b64decode(key.encode('utf-8'), altchars='-_')
hash_ = hmac.new(digest, message.encode('utf-8'), hashlib.sha256)
hash_result = hash_.hexdigest()
print(hash_result) # 7655b4f816dc7725fb4507a20f2b97823979ea00b121c84b76924fea167dcaf7

Also, python's b64decode has validate kwarg, which would check the input string and "fail loud" instead of ignoring incorrect characters

like image 95
ionagamed Avatar answered Sep 28 '22 10:09

ionagamed
Sign in to Comment

Related questions

Gmailr without selecting a pre-authorised account in R
Determining why a particular object does not implement a Protocol
Android JNI Error: NoSuchMethodError: no non-static method
How to make jsDoc "import" work with vscode?
Can GitLab pages be used for review apps on a mkdocs project?
Unification of higher rank types on contravariant positions
Functional Testing Events and Subscribers in Symfony 4
ViewBinding - Included Layout Binding Resulting in Unresolved Reference
Tensorflow 2.1.0 - An op outside of the function building code is being passed a "Graph" tensor
selected color of MaterialToggleButton to a solid color
How to use airflow DataFlowPythonOperator for beam pipeline?
Save keras model weights directly to bytes/memory?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!