У продаји СХА256 хасх генератор

So the signature that I'm getting from Java doesn't match what I'm getting in openssl. Here's an example of what I'm doing:

In a terminal using openssl I'm doing this.

    echo +pkCdYME5SzI7A2PV0r8/8FqYGZyvTp+4DoGkdaMYRs= hash    openssl dgst -sha256 -sign "private.key" -out hash.sha256 hash    base64 < hash.sha256 > hash.bin    cat hash.bin    results posted below

Java Code: (hash matches the one I'm using for openssl)

    private String createSignature(String hash) throws ProductException {      try {        Signature privateSignature = Signature.getInstance("SHA256withRSA");        privateSignature.initSign(getPrivateKey());        privateSignature.update(hash.getBytes(UTF_8));        byte[] signature = privateSignature.sign();        String result = Base64.encodeBase64String(signature);        System.out.println(result); //THIS RESULT SHOULD MATCH BUT DOESN'T        return result;      } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {        throw new ProductException(Codes.AUTHENTICATION_ERROR, e);      }    }       private PrivateKey getPrivateKey() throws ProductException {      try {        String key = IOUtils.toString(this.getClass().getResourceAsStream("private.key"));        PemObject pem = new PemReader(new StringReader(key)).readPemObject();        byte[] content = pem.getContent();        KeyFactory keyFactory = KeyFactory.getInstance("RSA");        PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(content);        return keyFactory.generatePrivate(ks);      } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {        throw new ProductException(Codes.AUTHENTICATION_ERROR, e);      }    }

PLEASE HELP! I've scoured the interwebs and I don't know what I'm doing wrong.

My openssl signature = O8DRek17ySzz+p2N8brH/9CdY3b+GN5bnyaTtn+ZP3SDIBvtqkk/lp+zb1BZ80a6xCIID8CTjNU+/svrV/q/rXEqEQc3jk3ZVUo0RJB52rgW26EQWyieAdqRlIbQqPhaCIrpWrs+WImGk7cPnkTEueIm+EzxG8ptjF5cAZH3lustVLt8SM9sXjQJzxzMgF2g0XN+1GQniAdWT/oNJXv0ZG7PSFACfcoSTSdN4wHkVAG4/PF/d6H+M5eTkEu6NhXfbfBBtavGmBiDgM6FPFDJ4r+2Rzvc/vpSiglUUQgxD58PTH47Y8xMc4t4/yahrchi2if2cJ7e89RBb1IHNus+eB8zPS0MHBn2OWDUM66P1KRanwzebDfg08VhRbW8zVnmNUNzXxAdCWa3kwsDe7hx+36oHfJwoyqIFwjJi8TKZm0JLKMf0SaLh/6zK0bIdgoXw23AfJni1ewmUqZbpE6Q4A0TgxaJg1aozb06l7Nb523FqV6ScRZ0wJK3s51Dduy5j1V1jt0+YYd+0zACyYfr5a+vypEygzsZ2Rzu3Q/l4VoPlZF2dr50TLnbhTvFnyK9mvc0zaTmsuHI5UJAbcpFBTXiDWb0DoWo4PkHRVFPvIMai37UxW4c5V0ybchlQHrEKYQ8NigYHGX5j8GsFhZJgg73Het1YwoWdsz1PksoYTY=

My Java Signature = 8dKc1otqL+thKQ7yTPeHX7T5fuOgv6PmHvlP5QyEHEXZILwD/234polMSs20i4na9wCuUdcSA+mHEKpY7Dkyd8VLTcZZ8RC8AlPE5bvzXc/uZhyPpBuSA7mDDOARbg3mx5usq4ythdqxj6OvdOBAJXXFB6Jc/c1XVd8IxDnRJoz5MlwxZIp94TAyW11QbMGNZuzcbsdEdsBuXU1MR4gzVfMLJjMcIM3YTtsP3bktsPAs5W2Asp9lDg5GuIOgWgXpTlj3VY6NF64SCI1tY4LhE7zq16YXQ6ykJ490YSVX5J9z+cDvZcVgfvgKCZuk4wgnXo6PbE4Wm4FDuzu35DEQi9Y5EEHzXlb5aNFQP3S6lumyfqOCmZlQcNVS53ur1fY4P8cnOuHZelyYS1Dw54q0SDCjFuANK2Ltl8rIZOZQWbg6jo45HbpaHUgt1NMkmj/UC/rLSnofa/YYbcJ2YZbqUdyX/yTBlzEuLR0/4Bgv9zvBw8HI0h3icv7/1NYaKo/eBSki6HNyDh2pDWX6IHQTFMzdFKeoXVAQLfaJREIpMPu+rDExI6Ozl0r9D61fY+XtMrptGNTFzf1h4cwUAZAC737Ahc6qsr+jQkDWDJt6oJbgziNE4C2JZriRtvRDACpryt6MGH1QnYPGYfCVs/xSxaYEtGJsjRRkG+lkpojcJ+A=

I am generating the SHA256 of the following string

{    "billerid": "MAHA00000MUM01",    "authenticators":     [        {            "parameter_name": "CA Number",            "value": "210000336768"        }    ],    "customer":     {        "firstname": "ABC",        "lastname": "XYZ",        "mobile": "9344895862",        "mobile_alt": "9859585525",        "email": "abc@billdesk.com",        "email_alt": "abc2@billdesk.com",        "pan": "BZABC1234L",        "aadhaar": "123123123123"    },    "metadata":     {        "agent":         {            "agentid": "DC01DC31MOB528199558"        },        "device":         {            "init_channel": "Mobile",            "ip": "124.124.1.1",            "imei": "490154203237518",            "os": "Android",            "app": "AGENTAPP"        }    },    "risk":    [        {          "score_provider": "DC31",          "score_value": "030",          "score_type": "TXNRISK"        },        {          "score_provider": "BBPS",          "score_value": "030",          "score_type": "TXNRISK"        }    ]}

I am getting different SHA256 output from different sources.This website: https://www.freeformatter.com/sha256-generator.html#ad-output calculates the SHA256 of the above string: 053353867b8171a8949065500d7313c69fe7517c9d69eaff11164c35fcb14457

This website(https://emn178.github.io/online-tools/sha256.html) gives the SHA256 as eae5c26759881d48a194a6b82a9d542485d6b6ce96297275c136b1fa6712f253

I am using CryptoJs library in Javascript to calculate SHA256 which also gives eae5c26759881d48a194a6b82a9d542485d6b6ce96297275c136b1fa6712f253 this result.

I want the SHA256 calculated to be: 053353867b8171a8949065500d7313c69fe7517c9d69eaff11164c35fcb14457

Why these is difference in SHA256 calculation over different places?

I'm trying to get the SHA256 hash of a string in base64 format.

I'm using DigestUtils from org.apache.commons.codec.digest. I don't know how to get the Base64 format, even though I can get the Hex format.

Sha256String = org.apache.commons.codec.digest.DigestUtils.sha256Hex(StringText);

Using "a" as stringtest, this line returns

ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

But what I actually need is ypeBEsobvcr6wjGzmiPcTaeG7/gUfE5yuYB3ha/uSLs.

I have been reading nonstop, and can't understand how to do it.

Now I'm trying this

Byte[] digest = org.apache.commons.codec.digest.DigestUtils.sha256(StringText);

And this I need to store it in a variable, so I'm trying this

String OutStr = new String(digest);

With no luck. I don't know where else to search help, for I had read all the google searches a lot of times (and if the answer is there, I'm not seeing it)

I don't code in java, but this time I need this to get working! Love!

so I'm writing my own tls 1.2 implementation for learning's sake and because the server I'm connecting to use a modified version of the protocol that ask for a non random client_random anyway (TL;DR: I'm having a bad_record_mac error on finished message with my implementation and can't find where I made a mistake)

I have to precise the only cipher suite I'm concerned about is TLS_RSA_WITH_AES_128_CBC_SHA

so first I create my client random and the handshake begins with the server sending server_random and the RSA public key in the certificate

I generate a random pre_master_secret and encrypt it with the RSA public key (done by a native module of the language, so no mess up by me on this) and send it back in a client_key_exchange message

I then generate the master_secret from: PRF(pre_master_secret, "master secret", client_random+server_random) where PRF is:

class TlsMasterSecret {    constructor(pre_master_secret, client_random, server_random) {        this.master_secret = TlsMasterSecret.PRF(pre_master_secret, Buffer.from("master secret", "ascii"), Buffer.concat([client_random, server_random]), 48);        this.master_secret = this.master_secret.slice(0, 48);        this.key_block = TlsMasterSecret.PRF(this.master_secret, Buffer.from("key expansion", "ascii"),Buffer.concat([server_random, client_random]), 104);        // 20 20 16 16        this.client_write_MAC_key = this.key_block.slice(0, 20);        this.server_write_MAC_key = this.key_block.slice(20, 40);        this.client_write_key = this.key_block.slice(40, 56);        this.server_write_key = this.key_block.slice(56, 72);    }    static PRF(secret, label, seed, neededLength) {        return TlsMasterSecret.P_hash(secret, Buffer.concat([label, seed]), neededLength)    }    static P_hash(secret, seed, neededLength) {        const A = [seed];        let resultHash = Buffer.from("", "hex");        // HMAC_SHA256 generates 32 bytes per update        const iterations = Math.ceil(neededLength / 32);        // generate A        for(let i = 1; i < iterations + 1; i++) {            A[i] = TlsMasterSecret.HMAC_hash(secret, A[i-1]);        }        // calculates the hash        for(let i = 1; i < iterations + 1; i++) {            resultHash = Buffer.concat([resultHash, TlsMasterSecret.HMAC_hash(secret, A[i])]);        }        return resultHash;    }    static HMAC_hash(secret, seed) {        const hmac = crypto.createHmac("sha256", secret);        hmac.update(seed);        return hmac.digest();    }}

then I create the Finished message from 0x1400000c followed by 12 bytes of verify_data

verify_data is generated like this:

// I strip the record layer headers off the messagesclient_hello = 0x0100002f03032668f90d7d3b3420f7712a3004247d233d90cc63fb4b23f77912b31c8c89893b000008002f0035003c003d0100server_hello = 0x0200002603031296263fba0a7955a83b2bf9c3716c8ee1c52e9065b89ee5649b31391d7ce84700002f00certificate = 0b00034e00034b00034830820344308202ada00302.......server_hello_done = 0e000000client_key_exchange = 100000820080673f1772e35c7565a1e0c2fae5ee1b5bf92211ba9e4de14620f43856d954cf737aa04c48f8b2ffa182f652fedd68523056acda3c7cd101c5a2c3a625655df67ad9fb7ca082cf68476f174ea7b83eab980b7b15657036ad0e26883c9bfe368847a02b052817cb80dabafc6af1dac8064ea0dc676e0f8ea74f84a122135f31b612handshake_messages = client_hello + server_hello + certificate + server_hello_done + client_key_exchangeverify_data = PRF(master_secret, "client finished", sha256(handshake_messages))[0..12]

then I create the MAC that will go along this message:

// hmac_sha1(secret, seed)// seq_num is a uint64 @ 0 for the first message, 0x00000000// type = 0x16// version = 0x0303// length = 0x0010// content = 0x1400000c + verify_dataMAC = hmac_sha1(client_write_MAC_key, seq_num + type + version + length + content)plaintext = content + MACIV = randomBytes(16)// aes_128_cbc(key, IV, message)ciphertext = aes_128_cbc(client_write_key, IV, plaintext)final = 0x16 + 0x0303 + 0x0040 + IV + ciphertext

if you read all of this and still willing to help thank you so muchI think I followed the specification but I'm getting a bad_record_mac error in wireshark so there's something wrong somewhere, I just can't find it :(

Can someone provide sample C# .NET code to validate the JWT issued by WSO2 API Gateway, which is signed using SHA256withRSA algorithm. I'm pretty sure I need to set the TokenValidationParameters.IssuerSigningToken, and then call JwtSecurityTokenHandler.ValidateToken method, but I haven't been able to get it to work, or find any sample code.

This is what I have so far:

 // Use JwtSecurityTokenHandler to validate the JWT token var tokenHandler = new JwtSecurityTokenHandler(); var convertedSecret = EncodeSigningToken(ConfigurationManager.AppSettings["ClientSecret"]); // Read the JWT var parsedJwt = tokenHandler.ReadToken(token); // Set the expected properties of the JWT token in the TokenValidationParameters var validationParameters = new TokenValidationParameters() {     NameClaimType = "http://wso2.org/claims/enduser",     AuthenticationType = "http://wso2.org/claims/usertype",     ValidAudience = ConfigurationManager.AppSettings["AllowedAudience"],     ValidIssuer = ConfigurationManager.AppSettings["Issuer"],     IssuerSigningToken = new BinarySecretSecurityToken(convertedSecret) }; var claimsPrincipal = tokenHandler.ValidateToken(token, validationParameters, out parsedJwt);