using methods base64 module in conjunction with Crypto.Hash.SHA256

Discussion in 'Python' started by mirandacascade@yahoo.com, Dec 20, 2006.

  1. Guest

    I am attempting to implement a process, and I'm pretty sure that a
    major roadblock is that I do not understand the nomenclature. The
    specs indicate that the goal is to calculate a message digest using an
    SHA-256 algorithm. There are 2 examples included with the specs. The
    label on the 2 examples are: 'HMAC samples'. In both examples, the
    message on which the digest is to be calculated is (the 33 chars within
    the quotes):

    'This is a test of VISION services'

    In the first example, the value labeled 'Shared key' is the 44
    characters within the quotes:
    '6lfg2JWdrIR4qkejML0e3YtN4XevHvqowDCDu6XQEFc='
    and the value labeled 'Base64 Message Hash' is the 44 characters within
    the quotes:
    'KF7GkfXkgXFNOgeRud58Oqx2equmKACAwzqQHZnZx9A='

    In the second example, the value labeled 'Shared key' is the 44
    characters within the quotes:
    'jcOv3OBKVNBT8Zk+ZFacrDYNsKlm3D8TGGJyXti//p4='
    and the value labeled 'Base64 Message Hash' is the 44 characters within
    the quotes:
    'XhqneGN0x5I8JVvatXO9z0EBQRre3svFVc+q2lLE3Ik='

    My interpretation of the first example is this: when you use an SHA-256
    algorithm to calculate a message digest on the message 'This is a test
    of VISION services' where the key is
    '6lfg2JWdrIR4qkejML0e3YtN4XevHvqowDCDu6XQEFc=', the result should be:
    'KF7GkfXkgXFNOgeRud58Oqx2equmKACAwzqQHZnZx9A=' .

    Operating system: Win XP
    Version of Python: 2.4 (with PyCrypto package installed)

    Interactive window of Pythonwin displays how I thought one might
    implement the process.

    >>> from Crypto.Hash import SHA256
    >>> import base64
    >>> digestStr = 'This is a test of VISION services'
    >>> from Crypto.Hash import HMAC
    >>> samp1Key = '6lfg2JWdrIR4qkejML0e3YtN4XevHvqowDCDu6XQEFc='
    >>> samp1CalcDigest = HMAC.new(samp1Key, digestStr, SHA256)
    >>> samp1Hash = base64.b64encode(samp1CalcDigest.digest())
    >>> samp1Hash

    '35RYYwgt7Bp1Dj9onZiIkSz1PxgKM9UYXCgxlDdWGkA='
    >>> samp2Key = 'jcOv3OBKVNBT8Zk+ZFacrDYNsKlm3D8TGGJyXti//p4='
    >>> samp2CalcDigest = HMAC.new(samp2Key, digestStr, SHA256)
    >>> samp2Hash = base64.b64encode(samp2CalcDigest.digest())
    >>> samp2Hash

    'RtmPKhflZ/BX3yrhl83pDsdCR5A2kwKP6dVnAyBl9tc='
    >>>


    I was hoping that samp1Hash and samp2Hash would be the same as the
    values labled 'Base64 Message Has' in the examples...they are not the
    same.

    My questions are:
    1) Given the terminology identified above, do you think my
    interpreation of the first example is accurate? If not, what is a more
    accurate interpretation?
    2) If the interpretation of the first example is on target, do you see
    anything above in the use of the SHA256, HMAC and base64
    classes/methods that indicates that I did not correctly implement the
    process?


    Thank you.
    , Dec 20, 2006
    #1
    1. Advertising

  2. Klaas Guest

    wrote:
    > I am attempting to implement a process, and I'm pretty sure that a
    > major roadblock is that I do not understand the nomenclature. The
    > specs indicate that the goal is to calculate a message digest using an
    > SHA-256 algorithm. There are 2 examples included with the specs. The
    > label on the 2 examples are: 'HMAC samples'. In both examples, the
    > message on which the digest is to be calculated is (the 33 chars within
    > the quotes):
    >
    > 'This is a test of VISION services'
    >
    > In the first example, the value labeled 'Shared key' is the 44
    > characters within the quotes:
    > '6lfg2JWdrIR4qkejML0e3YtN4XevHvqowDCDu6XQEFc='


    I doubt it. That is a base64 encoded value, not the value itself.

    <>
    > My interpretation of the first example is this: when you use an SHA-256
    > algorithm to calculate a message digest on the message 'This is a test
    > of VISION services' where the key is
    > '6lfg2JWdrIR4qkejML0e3YtN4XevHvqowDCDu6XQEFc=',


    This isn't the key, but the base64-encoded key.

    > the result should be:
    > 'KF7GkfXkgXFNOgeRud58Oqx2equmKACAwzqQHZnZx9A=' .


    This isn't the result, but the base64-encoded result.

    > 2) If the interpretation of the first example is on target, do you see
    > anything above in the use of the SHA256, HMAC and base64
    > classes/methods that indicates that I did not correctly implement the
    > process?


    You should base64 decode the key before passing it to the HMAC
    constructor.

    -Mike
    Klaas, Dec 20, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page