I'm trying to implement the HMAC-SHA1 algorithm in my C++/Qt application. I have a method for the SHA-1 algorithm available, I just need to understand the HMAC part of it.
This pseudocode is from Wikipedia:
```
 1 function hmac (key, message)
 2     if (length(key) > blocksize) then
 3         // keys longer than blocksize are shortened
 4         key = hash(key)
 5     end if
 6     if (length(key) < blocksize) then
 7         // keys shorter than blocksize are zero-padded
 8         key = key ∥ zeroes(blocksize - length(key))
 9     end if
10
11     // Where blocksize is that of the underlying hash function
12     o_key_pad = [0x5c * blocksize] ⊕ key
13     i_key_pad = [0x36 * blocksize] ⊕ key // Where ⊕ is exclusive or (XOR)
14     // Where ∥ is concatenation
15     return hash(o_key_pad ∥ hash(i_key_pad ∥ message))
16 end function
```
What is the blocksize? What does the zeroes-function do on line 8? How do you express lines 12-13 in C++?
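An added example, not part of the original question: the pseudocode written out step by step in Python, with the pseudocode's line numbers in the comments, so the result can be checked against the standard library's `hmac` module and the RFC 2202 test vector. The function names `hmac_digest` and `matches_stdlib` and the sample inputs are assumptions of this example.

```python
import hashlib
import hmac as std_hmac


def hmac_digest(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC built by hand, following the numbered pseudocode lines."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    # blocksize is the hash's internal input block in bytes, not its
    # output length: 64 for SHA-1 (whose digest is only 20 bytes).
    blocksize = hashlib.new(hash_name).block_size

    # Lines 2-5: a key longer than one block is replaced by its hash.
    if len(key) > blocksize:
        key = h(key)
    # Lines 6-9: zeroes(n) is n bytes of 0x00, appended to the key.
    if len(key) < blocksize:
        key = key + b"\x00" * (blocksize - len(key))

    # Lines 12-13: XOR each key byte with the repeated pad constant.
    o_key_pad = bytes(b ^ 0x5C for b in key)
    i_key_pad = bytes(b ^ 0x36 for b in key)

    # Line 15: inner hash over (i_key_pad || message), then the outer
    # hash over (o_key_pad || inner digest).
    return h(o_key_pad + h(i_key_pad + message))


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-built HMAC-SHA1 against Python's hmac module."""
    ours = hmac_digest(key, message)
    ref = std_hmac.new(key, message, hashlib.sha1).digest()
    return std_hmac.compare_digest(ours, ref)


if __name__ == "__main__":
    # RFC 2202, HMAC-SHA1 test case 2.
    print(hmac_digest(b"Jefe", b"what do ya want for nothing?").hex())
    # A constructed 100-byte key exercises the "longer than blocksize" branch.
    print(matches_stdlib(b"k" * 100, b"constructed sample message"))
```

In C++ the same two pad lines become a loop over the 64 key bytes that XORs each byte with `0x5c` or `0x36`.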
I am trying to get the SHA 1 certificate with the help of this link but I am not getting the required result with JAVA 10.
```
keytool -exportcert -list -v \
-alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore
```
**keytool error: java.lang.Exception: Only one command is allowed: both -exportcert and -list were specified.**
```
keytool -exportcert -v \
-alias androiddebug -keystore C:\Users\Tushar Rai\.android\debug.keystore
```
```
Exports certificate

Options:

 -rfc                    output in RFC style
 -alias <alias>          alias name of the entry to process
 -file <file>            output file name
 -keystore <keystore>    keystore name
 -cacerts                access the cacerts keystore
 -storepass <arg>        keystore password
 -storetype <type>       keystore type
 -providername <name>    provider name
 -addprovider <name>     add security provider by name (e.g. SunPKCS11)
   [-providerarg <arg>]    configure argument for -addprovider
 -providerclass <class>  add security provider by fully-qualified class name
   [-providerarg <arg>]    configure argument for -providerclass
 -providerpath <list>    provider classpath
 -v                      verbose output
 -protected              password through protected mechanism

Use "keytool -help" for all available commands
```
This is the output after trying the command for the SHA1 certificate
```
C:\Program Files\Java\jdk-10.0.1\bin>keytool -exportcert -alias androiddebugkey -keystore "C:\Users\Tushar Rai\.android\debug.keystore" -v
Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Android Debug10UAndroid Debug10UU0 üì 0üëüü íl°╧⌠zlù¢Güƒ0╒g"$$°pca╔Θ!╕à]╛╚Hó[≤¡└Γê2┴╘░ªG┐ùÖ_5?7B¥K╘-£┤∞eΓ0╜┴òÄ┘ìPpPu┘m⌐δ9}Ys°Ii┘■2£τ╘c½█óR║$1xeφⁿh üü ô╕rV┼∩╬o╥ΣAL┐─Q╥P^d6¥ì╚kèÄí^▒K┬+ÇmPUNφ▄⌐!á8GpÄd═y²rûNú'╠x÷|┴}ê`─╬äé_▄6╚╙ìƒÆgZσⁿMS╩½Äv]µ}÷ îh┌|ä ┐ézV9?╠Åδ!τ┤|U╪²û╬fm╦⌠
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\Users\Tushar Rai\.android\debug.keystore -destkeystore C:\Users\Tushar Rai\.android\debug.keystore -deststoretype pkcs12".
```
So I have an ORDS endpoint (Oracle REST Data Services) that receives a JSON payload from Facebook API, and a variable, X-Hub-Signature, which comes in the header of the request.
I have to validate the request I receive, so I know it's from Facebook.
I have to generate a hash that receives the payload (BLOB) and a key (string) that both Facebook and I share (app_secret), and then I compare it to the value of X-Hub-Signature, so I can confirm it's a valid request.
Problem is, Facebook says: "Please note that we generate the signature using an escaped unicode version of the payload, with lowercase hex digits. If you just calculate against the decoded bytes, you will end up with a different signature. For example, the string äöå should be escaped to \u00e4\u00f6\u00e5."
So far my hashes are a match to the payloads I receive, but I tried with those äöå characters and I can't know for sure if it's working, since all HMAC online encoders don't look that good and also I don't know how to unicode escape them (on the online encoders).
So far I have this:
```
FUNCTION validate_payload (p_x_hub_signature in varchar2,
                           p_json_payload    in blob)
RETURN varchar2
IS
  v_app_secret      varchar2(4000) := '2f2f2f2f2f2f2f';
  l_mac             raw(10000);
  v_x_hub_signature varchar2(4000);
BEGIN
  -- HMAC-SHA1 over the payload bytes, keyed with the app secret
  l_mac := dbms_crypto.mac (src => p_json_payload,
                            typ => dbms_crypto.hmac_sh1,
                            key => UTL_I18N.STRING_TO_RAW (v_app_secret, 'AL32UTF8'));
  -- hex-encode in lowercase and add the "sha1=" prefix used by the header
  v_x_hub_signature := 'sha1=' || lower(rawtohex(l_mac));
  return v_x_hub_signature;
END;
```
Can you give any feedback on this? Is this right?
Thanks in advance, sorry for the bad English or explanation!
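An added example (Python, not the poster's PL/SQL and not Facebook's code) of the escaping the quoted note describes: non-ASCII characters are rewritten as `\uXXXX` with lowercase hex before HMAC-SHA1 is computed, and the result is compared with the header in constant time. The secret, the sample payloads and the function names are constructed for illustration; characters beyond the Basic Multilingual Plane are written as surrogate pairs, as JSON's `\u` notation requires.

```python
import hashlib
import hmac

APP_SECRET = b"constructed-app-secret"  # sample value, not a real secret


def escape_non_ascii(body: bytes) -> bytes:
    r"""Rewrite each non-ASCII character of a UTF-8 body as \uXXXX with
    lowercase hex digits; ASCII (existing escapes included) is unchanged."""
    out = []
    for ch in body.decode("utf-8"):
        cp = ord(ch)
        if cp < 0x80:
            out.append(ch)
        elif cp < 0x10000:
            out.append("\\u%04x" % cp)
        else:  # beyond the BMP: UTF-16 surrogate pair
            cp -= 0x10000
            hi, lo = 0xD800 + (cp >> 10), 0xDC00 + (cp & 0x3FF)
            out.append("\\u%04x\\u%04x" % (hi, lo))
    return "".join(out).encode("ascii")


def expected_signature(body: bytes, secret: bytes = APP_SECRET) -> str:
    mac = hmac.new(secret, escape_non_ascii(body), hashlib.sha1)
    return "sha1=" + mac.hexdigest()  # hexdigest() is already lowercase


def is_valid(x_hub_signature: str, body: bytes, secret: bytes = APP_SECRET) -> bool:
    """Compare with the header value in constant time."""
    expected = expected_signature(body, secret).encode("ascii")
    return hmac.compare_digest(expected, x_hub_signature.encode("utf-8"))


# Constructed sample: the same JSON as decoded UTF-8 and in escaped form.
DECODED = '{"message":"äöå"}'.encode("utf-8")
ESCAPED = b'{"message":"\\u00e4\\u00f6\\u00e5"}'


def naive_signature(body: bytes, secret: bytes = APP_SECRET) -> str:
    """HMAC over the bytes as given, with no escaping (for comparison)."""
    return "sha1=" + hmac.new(secret, body, hashlib.sha1).hexdigest()


if __name__ == "__main__":
    print(escape_non_ascii(DECODED) == ESCAPED)
    print(naive_signature(DECODED) == expected_signature(DECODED))
    print(is_valid(expected_signature(ESCAPED), DECODED))
```

Run directly, the three lines printed are `True`, `False`, `True`: the escaped form matches the quoted example, a MAC over the decoded bytes differs, and validation succeeds once the body is escaped first.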
G'day, I am currently tasked with creating a stored procedure with T-SQL which will be able to make a GET call using an MSXML2.serverXMLHttp instance that contains a signed OAuth authorization header.
I have been able to do everything short of generate the RSA-SHA1 signature string because I cannot find a hash_signing function.
I created the base string and generated the hash digest using the HASHBYTES() function, but am unable to find a corresponding hash signing function as the documentation is very confusing to me.
So, my question really boils down to: Is it possible to generate an RSA-SHA1 signature in T-SQL without using CLR or other external work-arounds? And if so which functions are required to do this? Thanks in advance.
My original application was created in Android Studio and I have updated it by appybuilder.
When I uploaded to Play Google, they said there is a problem with keystore, the new apk is signed with a different certificate to my previous one. When I tried to import the old key file to appybuilder the extension was not the same (jks in android studio, keystore with appybuilder).
How can I export the older key file .jks to a .keystore file?
[ SHA1: 49:13:64:3F:A0:BE:36:5E:C4:16:6B:3F:25:33:D5:3C:5F:4B:72:8F ]