Can anybody tell me why Amazon wants a base64 of the HMAC-SHA1/SHA256 hash?
http://docs.amazonwebservices.com/AmazonSimpleDB/latest/DeveloperGuide/HMACAuth.html
I know that base64 is to represent binary data in ASCII, but SHA1/SHA256 is already ASCII – I mean it's only hex.
Thanks
Timo
base64sha256 computes the SHA256 hash of a given string and encodes it with Base64. This is not equivalent to base64encode(sha256("test")) since sha256() returns hexadecimal representation. The given string is first encoded as UTF-8 and then the SHA256 algorithm is applied as defined in RFC 4634.
Using Base64/HEX has nothing to do with security of a hash algorithm. Base64 and HEX are ways to represent binary data, which is the actual output of a hash algorithm. Besides, algorithms like SHA-256 and SHA-512 are only "unsafe" when used for password hashing (or similar scenarios).
Base64 encoding schemes are commonly used when there is a need to encode binary data that needs to be stored and transferred over media that are designed to deal with ASCII. This is to ensure that the data remain intact without modification during transport.
Encoding, hashing, and encryption can be used together. A base64 encoded message to an application may be hashed so the integrity of that message can be verified by the receiver.
Those hashes are not ASCII–the reason you see hex digits is because the software you use to generate them takes the binary output of the digest and turns it into an ASCII string of hex digits.
For instance, the MD5 digest will fill an array of 16 bytes. You can also represent it as a string of 32 characters, but the most basic form of the digest is still the array of bytes.
When you change an array of bytes into a hex string, you need 8 bits (one full character) to represent every 4 bits of data. Although it's not frequently called that way, you could say that this uses "base16" encoding, since you're grabbing 4 bits at a time and mapping them to a 16-character alphabet.
Base64, on the other hand, grabs 6 bits at a time and maps them to a 64-character alphabet. This means that you need 8 bits (again, one full character) to represent every 6 bits of data, which has half the wasted bits of base16. A base16-encoded string will always be twice as big as the original; a base64-encoded string will only be four thirds as big. For a SHA256 hash, base16 does 64 bytes, but base64 does approximately 43.
For example, the bytes, hex, and base64 samples below encode the same bytes:
243 48 133 140 73 157 28 136 11 29 189 101 194 101 116 64 172 227 220 78
f330858c499d1c880b1dbd65c2657440ace3dc4e
8zCFjEmdHIgLHb1lwmV0QKzj3E4=
It's only that AWS requires its values to be base64 encoded.
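Added example (not part of the original question or answers): a Python sketch that produces an HMAC-SHA256 signature as raw bytes, hex and base64, shows the base64-of-the-hex-text mistake next to the correct base64-of-the-raw-bytes form, and verifies a received base64 signature in constant time. The key and string to sign are constructed placeholders, and sign() and verify() are hypothetical helper names; the two sample strings are the ones quoted in the answer above.

```python
import base64
import hashlib
import hmac

# Sample values from the answer above: one 20-byte digest in hex and in base64.
PAGE_HEX = "f330858c499d1c880b1dbd65c2657440ace3dc4e"
PAGE_B64 = "8zCFjEmdHIgLHb1lwmV0QKzj3E4="

# Constructed inputs (assumptions, not real credentials or a real request).
SECRET_KEY = b"constructed-secret-key"
STRING_TO_SIGN = b"constructed-string-to-sign"


def sign(key: bytes, message: bytes) -> dict:
    """Return the HMAC-SHA256 digest in each representation discussed."""
    raw = hmac.new(key, message, hashlib.sha256).digest()  # 32 raw bytes
    return {
        "raw": raw,
        "hex": raw.hex(),
        "b64": base64.b64encode(raw).decode("ascii"),
        # Common mistake: base64 over the hex text instead of the raw bytes.
        "b64_of_hex": base64.b64encode(raw.hex().encode("ascii")).decode("ascii"),
    }


def verify(key: bytes, message: bytes, signature_b64: str) -> bool:
    """Decode the received base64 signature and compare in constant time."""
    try:
        received = base64.b64decode(signature_b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    sig = sign(SECRET_KEY, STRING_TO_SIGN)
    for name in ("hex", "b64", "b64_of_hex"):
        print(f"{name:11} {len(sig[name]):3} chars  {sig[name]}")
    print("page samples match:", bytes.fromhex(PAGE_HEX) == base64.b64decode(PAGE_B64))
    print("verify b64:", verify(SECRET_KEY, STRING_TO_SIGN, sig["b64"]))
    print("verify b64_of_hex:", verify(SECRET_KEY, STRING_TO_SIGN, sig["b64_of_hex"]))
```

A signature built from the hex text decodes to 64 bytes instead of 32, so a verifier comparing raw digests rejects it even though the key and message are correct.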