- How to create signature using PHP
I need to use an API but first to login I need to create signature.
1. Concatenate the API key with the current timestamp in the format below:<<APIKEY>>_<<timestamp(yyyy'-'MM'-'ddTHH:mm:ss.fffZ)>>and this step is easy:
hash('sha256', $data);result is:9952375a30708b46739986482303cae30ad51fc9a362b5794d298dfc22f7ec02and this is correct result
The next step is:
2. The combination of the created signature along with the provided API secret key will act as thedigital signature of the call.I have API secret key like:
-----BEGIN PUBLIC KEY-----9IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgBSU90PX4WyXFAZ/+M84dJNEi/0j5OermfydTU4g2JvnpO6BOQjNpb5+mOLjVoij7DWTdDtx1WThRm04N3DVuyh+a5cledvMbcngvyiXpQCdskT9bVmI4QLbmRny46S7MER1jhziMQRfRw9gbmlB2iCEqn21kDr842Q+WDtLE4QIDAQA9-----END PUBLIC KEY-----How I can get Digital signature with a combination of created signature and provided API secret key?
There is an Python example like:
key = api_key + '_' + timestampprint "message", keysha_hash = hashlib.sha256(key).hexdigest()print "sha256 hash:", sha_hashrsa_key = RSA.importKey(pub_key)cipher = PKCS1_v1_5.new(rsa_key)signature = base64.encodestring(cipher.encrypt(sha_hash))but how I can get signature using PHP?
- How to ignore signature hash algorithm requested by server during TLS1.2 handshake?
I have a C# application making a successful TCP TLS 1.0 connection with mutual authentication to another company's server. It is implemented using SslStream class. We are just one of many clients of this very large organisation.
This TCP link above must undergo TLS 1.2 + SHA2 upgrade. After doing all necessary steps on our side and successful testing with our local servers we are still failing all attempts to connect to the remote server. A lengthy investigation revealed that during TLS Handshake the server is sending to us a certificate request with only option for Signature Hash Algorithm = SHA1-RSA (see picture below). Our cerificate is SHA256. As a result, SslStream is not sending our certificate to the server at all and the server sees this as a Handshake Failure and closes down the connection.
The reason for this nuisance is that our counterparty uses very old (10.x) version of F5 firewall to terminate SSL. It only sends SHA1/RSA Signature Hash Algorithm in the certificate request although it supports the client’s SHA2 certificates.
While admitting the facts above, our counterparty is unable to upgrade F5 soon enough. They suggested to ignore the requested Signature Hash Algorithm and send our SHA256 certificate anyway. Apparently other clients connecting to them were able to do that somehow.
Unfortunately,.Net's SslStream does not provide that level of fine tuning for TLS handshake.
Hence the question: is it possible to ignore the server's request for SHA1RSA-based certificate at all? What options do I have? Are there SslStream alternatives that implement TLS 1.2? Is there an open-source third-party solution? Any suggestion would be helpful. Thanks in advance.
- Hashing a list of email addresses in SQL
I have a list of around 40,000 email addresses. I need to hash them using SHA-256 & generate an individual hash for each email address. I've been told that I can do this via SQL but after a lot of Googling & trying to guess my way through it as a layperson I haven't had any success.
- Why does a hash value change while hashing from different file formats? [on hold]
I have observed that when I hash data from a *.txt file and a *.docx file the both hash generated are different even though the data is same in both the file.Why does this happen?
- SHA1 vs md5 vs SHA256: which to use for a PHP login?
I'm making a php login, and I'm trying to decide whether to use SHA1 or Md5, or SHA256 which I read about in another stackoverflow article. Are any of them more secure than others? For SHA1/256, do I still use a salt?
Also, is this a secure way to store the password as a hash in mysql?
function createSalt(){ $string = md5(uniqid(rand(), true)); return substr($string, 0, 3);}$salt = createSalt();$hash = sha1($salt . $hash);