SHA256 عبر الإنترنت تجزئة مولد

I'm configuring a gogs hook, I have an API that receives this POST from pushe.g.

secret: myS3cr3t

it's supposed that " Secret will be sent as SHA256 HMAC hex digest of payload via X-Gogs-Signature header."

then in python3 I got it like this:

message is the payload (json body) from the request and the key i set it on env var

import hashlibimport hmacdef get_secret_signature(message, secret):   signature = hmac.new(bytes(key, 'utf-8'), bytes(message, 'utf-8'), hashlib.sha256).hexdigest()   return signature 

but when checking the hook is failing cause the signature sent in X-Gogs-Signature never match with the signature generated on python

even comparing the logic with jenkins gogs plugin:

public static String encode(String data, String key) throws Exception {        final Charset asciiCs = Charset.forName("UTF-8");        final Mac sha256_HMAC = Mac.getInstance("HmacSHA256");        final SecretKeySpec secret_key = new javax.crypto.spec.SecretKeySpec(asciiCs.encode(key).array(), "HmacSHA256");        sha256_HMAC.init(secret_key);        return Hex.encodeHexString(sha256_HMAC.doFinal(data.getBytes("UTF-8")));}

I think it's the same logic in python, obviously shorter in python ;)

I am trying to bruteforce a SHA256 using Python2 , and when I run the script I get a ValueError:

ValueError: chr() arg not in range(256)

My Code

from hashlib import sha256import osdef encrypt(pt):    state = 47    ### ...ct = "sha256 hash".decode('hex')pt = 'FLAG{'while len(pt) < len(ct):    c = chr(32)    while encrypt(pt) != ct[:len(pt) + 1]:        c = chr(ord(c) + 1)    pt += c    print(pt)        

Output :

Traceback (most recent call last):  File "sls.py", line 13, in <module>    c = chr(ord(c) + 1)ValueError: chr() arg not in range(256)

Where am I bugging ?

According to the Bitstamp API docs here https://www.bitstamp.net/api/ the following Python code may be used to generate a SHA256 signature:

import hmacimport hashlibmessage = nonce + customer_id + api_keysignature = hmac.new(    API_SECRET,    msg=message,    digestmod=hashlib.sha256).hexdigest().upper()

I'm trying to use Laravel/PHP with the GuzzleHttp Client to do the same. My code is:

$client  = new \GuzzleHttp\Client();        $nonce = time();        $message = $nonce . $bitstamp_customer_id . $bitstamp_api_key;        $signature = strtoupper(hash_hmac("sha256", $message, $bitstamp_api_secret));$response = $client->request('POST', 'https://www.bitstamp.net/api/v2/balance/', [            'form_params' => [                'key' => $bitstamp_api_key,                'signature' => $signature,                'nonce' => $nonce,            ]        ]);

No matter what I try I get:

Client error:POST https://www.bitstamp.net/api/v2/balance/resulted in a403 Authentication Failedresponse: {"status": "error", "reason": "API key not found", "code": "API0001"}

I've checked the three critical Bitstamp parameters and recreated the API key multiple times. The three parameters which I have doulble checked are:

• bitstamp_customer_id
• bitstamp_api_key
• bitstamp_api_secret

I'm concluding I'm not translating the Python code correctly and would like some help.

My problem is that the newer versions of OpenSSL aren't compatible with default settings of CryptoJS.

The default hash used by openssl enc for password-based key derivation changed in 1.1.0 to SHA256 versus MD5 in lower versions. https://unix.stackexchange.com/questions/344150/why-can-one-box-decrypt-a-file-with-openssl-but-another-one-cant/344586#344586

By default, CryptoJS uses MD5 for its key derivation. OpenSSL used MD5, but now in OpenSSL versions >=1.1.0 it's using SHA256.

So if I pass -md md5 to OpenSSL, CryptoJS is compatible:

echo "Hello World" | openssl enc -aes-256-cbc -md md5 -pass pass:"Secret Passphrase" -e -base64

output: U2FsdGVkX19aufvaqQQ89scaApBos6oFCyqPj7IKUFk=

CryptoJS:

CryptoJS.AES.decrypt('U2FsdGVkX19aufvaqQQ89scaApBos6oFCyqPj7IKUFk=', 'Secret Passphrase').toString(CryptoJS.enc.Utf8);

output: "Hello World"

But now if I want to use SHA256 instead of MD5 (removing the -md md5):

echo "Hello World" | openssl enc -aes-256-cbc -pass pass:"Secret Passphrase" -e -base64

output: U2FsdGVkX1/5LLkFkTpawh1im4a/fCco5hS42cjn/fg=

CryptoJS:

CryptoJS.AES.decrypt('U2FsdGVkX1/5LLkFkTpawh1im4a/fCco5hS42cjn/fg=', 'Secret Passphrase').toString(CryptoJS.enc.Utf8);

output: null

How do I tell CryptoJS to use SHA256 instead of MD5 for its key derivation?

I have the md5 and sha256 hash of a file, I would like to calculate the size of the file from the hash value.

Is there any way to get the size of a file with md5 or sha256 hash of that file available with us ?