将 HMAC 从 C# 复制到 Python

Question

I'm working with an API provided by a client, who provided sample code on authorizing via C#, but my company works in Python. They authorize via HMAC, and following their sample code (on .net fiddle), I finally got to the point where our byte key and byte message match those of the C# call.

However, when we get to this in their code:

using (HMACSHA256 sha = new HMACSHA256(secretKeyByteArray))
    {
        // Sign the request
        byte[] signatureBytes = sha.ComputeHash(signature);

Where our equivalent is

signature_hmac = hmac.new(
    base64.b64decode(secretKey),
    bytes(message, "utf8"),
    digestmod=hashlib.sha256,
)

The byte value of their signatureBytes doesn't match with the byte value of our signature_hmac.digest() . If using the same hashing libraries, and the byte values of the inputs match, we should get the same result, right?

To make sure, when I say byte values match, the value of base64.b64decode(secretKey) (Python) matched var secretKeyByteArray = Convert.FromBase64String(secretKey); (C#).

Answer 1

Worked for me, make sure your input arrays are EXACTLY the same on both. I think you might be missing a base64 decode or encoding the strings differently.

Here's my 2 tests:

secretKey = "wxyz".encode()
message = "abcd".encode()
signature_hmac = hmac.new(
    secretKey,
    message,
    digestmod=hashlib.sha256,
)
x = signature_hmac.hexdigest()

and C#

byte[] signatureBytes;
byte[] secretKeyByteArray = Encoding.UTF8.GetBytes("wxyz");
byte[] signature = Encoding.UTF8.GetBytes("abcd");
using (HMACSHA256 sha = new HMACSHA256(secretKeyByteArray))
{
    signatureBytes = sha.ComputeHash(signature);
};

string x = Convert.ToHexString(signatureBytes);