stackoom
  简体   繁体   中英

Python 3 sign a message with key sha512

 原文  2015-10-31 19:05:50       python/ security/ authentication/ hmac/ sha512

Question

I have the following line of code: 

return hmac.new(self.Secret.upper() , message , hashlib.sha512).digest().encode("base64").replace("\n","")

This works fine in Python2, but not in Python 3. As soon as I try in Python 3 I get: 

TypeError: key: expected bytes or bytearray, but got 'str'

from hmac.py . I've of course tried converting self.Secret and message using bytes() and bytearray() , but that hasn't worked either.

I've also tried using hashlib.sha512 to generate the key, but that's not very clear to me. I have a secret API key that needs to be used to sign the POST data and the only clear way to do this is using hmac.new() , but when I finally do get something that can be passed as a string it looks nothing like it should, and as expected I can't authenticate with it.

Another attempt was: 

sign = hashlib.sha512(message_to_sign)
sign.update(self.Secret.upper())

This also produces a string that looks nothing like the working key that comes from the original code in Python 2.7.

I've tried so many other variations as well, but none of them give me anything that works.

2 answers

solution1
 2 ACCPTED  2015-10-31 20:24:07

This one works for me on python 3.4.2: 

print((base64.b64encode(hmac.new(bytearray("SECRET".upper(), "ASCII") , bytearray("TEST","ASCII") , hashlib.sha512).digest())).decode("ASCII").replace("\n", ""))

...and calculates a correct HMAC.

You might want to change "ASCII" to some other encoding.

solution2
 2  2015-10-31 20:31:57

hmac hashing works with binary keys and data. In python2, str is a sequence of 8 bit characters which is interchangable with binary so everything works. In python3, str is a sequence of unicode characters and must be encoded to binary to work. This should work: 

return hmac.new(bytes(self.Secret.upper().encode('ascii')) , bytes(message.encode('ascii') , hashlib.sha512).digest().encode("base64").replace("\n","")

Notice I used ascii encoding but that's just a guess. Your python2 strings may be your local code page and your message may be a binary blob already. You'll need to formalize what encoding you use so that receivers know how to verify the signature.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Python sha512 security SHA512 encoding in python Can't signing a Message using sha512 in python at iconomi Equivalent HMAC SHA512 key of ruby code for Python Hashing in SHA512 using a salt? - Python Hash sha512 contents of a file in python Python SHA512 salted passwords with crypt on MacOS X Problems with Python MD5, SHA512 (+salt) encryption SHA512 Python produced different result for the same string hash_hmac sha512 authentication in python
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM