stackoom
  简体   繁体   中英

HMAC Base64 Authentication?

 原文  2017-12-14 05:24:22       php/ node.js/ base64/ sha/ hmac

Question

I have no clue what's even going on in this but I am attempting to use an API and they have yet another different authentication standard called HMAC with Sha384 to base64.

This is the example provided: 

class ICObenchAPI {

private $privateKey = 'private-key';
private $publicKey  = 'public-key';
private $apiUrl     = 'https://icobench.com/api/v1/';
public  $result;

public function getICOs($type = 'all', $data = ''){ 
    return $this->send('icos/' . $type, $data); 
}   
public function getICO($icoId, $data = ''){ 
    return $this->send('ico/' . $icoId, $data); 
}       
public function getOther($type){ 
    return $this->send('other/' . $type, ''); 
}

private function send($action, $data){

    $dataJson = json_encode($data);                 
    $sig = base64_encode(hash_hmac('sha384', $dataJson, $this->privateKey, true));  

    $ch = curl_init($this->apiUrl . $action);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); 
    curl_setopt($ch, CURLOPT_POSTFIELDS, $dataJson);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json',
        'Content-Length: ' . strlen($dataJson),
        'X-ICObench-Key: ' . $this->publicKey,
        'X-ICObench-Sig: ' . $sig)
    );

    $reply = curl_exec($ch);
    $ff = $reply;
    $reply = json_decode($reply,true);

    if(isset($reply['error'])){
        $this->result = $reply['error'];
        return false;
    }else if(isset($reply['message'])){
        $this->result = $reply['message'];
        return true;
    }else if(isset($reply)){
        $this->result = json_encode($reply);
        return true;
    }else{
        $this->result = htmlspecialchars($ff);
        return false;
    }
}

public function result(){
    return $this->result;
}

}

I'm looking to take the PHP example provided and turn it into a nodeJS script, just really don't know where to start. I've looked at crypto-js and others but just don't comperhend what specifically is happening in the request to make since of what i'm even writing

2 answers

solution1
 1  2017-12-14 19:35:18

Crypto-js is the good way to do.

You need to first encrypt your data and then Base64 it to create a signature used in header 

    let dataJSON = JSON.stringify(data);

    let sign = CryptoJS.HmacSHA384(dataJSON, this.privateKey);
    sign = CryptoJS.enc.Base64.stringify(sign);

I pushed on github a working example : ICObenchAPI.js

solution2
 0  2018-02-10 18:35:00

I wrote a Node js wrapper library called node-icobench . You are welcome to use it.

npm install node-icobench

Here is a sneak peek to the HMAC part with a few alterations for the sake of this example: 

const crypto = require('crypto');

// Stringify POST data
let jsonData = JSON.stringify(data);

// Create HMAC based on algo and private key
let hmac = crypto.createHmac('sha384', privateKey);

// Create HMAC Digest of json data
hmac.update(jsonData);

// return Base64 encoding of HMAC
let signedData = hmac.digest('base64');

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to perform HMAC-SHA1 with Base64 Encode? base64 HMAC with SHA256 in Python Trouble creating auth string using PHP HMAC SHA1 and Base64 Encoding PHP POST response's JSON body into HMAC SHA256, and then into Base64 API can't validate hmac + base64 when generated in a function Calculate hmac value with base64 encode using sha256 python Base64 encryption in android Resizing base64 Images Base64 String to Image export an image in base64
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM