stackoom
  简体   繁体   中英

how do I sign sha1 signature in Django?

 原文  2011-05-18 13:34:49       python/ django/ sha1/ digital-signature

Question

I have not really dug in deep into django and signatures

I am trying to create a signature based on a given requirements

i = my username, v = expiration, and s = signature

i: MYUSERNAME
v: UNIX TIMESTAMP + 2 hours
a: MY_API_KEY
s: SHA1 SIGNATURE that is ("i=MYUSERNAME&v=(UNIX_TIMESTAMP + API_KEY)")

What I have so far. 

import hashlib
import datetime
from datetime import timedelta
import time

now = datetime.datetime.now()
now = now + timedelta(hours=2)
seconds = time.mktime(now.timetuple())
seconds = seconds
API = "87df234207v4444444"
signature = hashlib.sha1()
signature.update("i=MYUSERNAME&v=%s%s" % (seconds, API))

Then when I ping the url, I get a "Bad Signature" response

Again my knowledge in this area is limited, your help is much appreciated

and the valid iframe to get the correct code is http://api.myurl.com/i=MYUSERNAME&v=UNIX TIMESTAMP + 2 HOURS&s=MY VALID SIGNATURE

PDF Documentation

Imagine that we need to calculate the signature for the following URI:

http://framed.incloode.com/index.php?i=TEST&arg1=val1&arg2=val2&t=123
The method to calculate the signature is as follows:

  • Go through the full list of parameters and the values,
  • Append these into one long string HTML safestring,like a normal GET request,
    • For the above URI this long string would end-up looking like this: i=TEST&arg1=val1&arg2=val2&t=123
  • To specify until when this link should be valid, a validity must be added. The validity is a UNIX timestamp – for a validity of 2 hours, the value time() + 7200 should be passed. This validity (parameter and value) must also appended to the string to sign. For the above URI this would now look like this: i=TEST&arg1=val1&arg2=val2&t=123&v=1444567890 The requests in the initial URI should be replaced by this list.
  • The above collected string is then decoded from HTML(htmlspecialchars_decode()) so one ends up with a string looking like this: i=TEST&arg1=val1&arg2=val2&t=123&v=1444567890
  • The “INCLOODE_API_SECRET” that you have been supplied with must be appended to this string: i=TEST&arg1=val1&arg2=val2&t=123&v=1444567890**INCLOODE_API_SECRET**
  • Then,finallytheSHA1checksumofthatstringmustbegenerated.Then,itis appended to the parameter/value list retrieved at step (3). This could end up looking like this: http://framed.incloode.com? i=TEST&arg1=val1&arg2=val2&t=123&v=1444567890&s=abcdef0123456789

1 answers

solution1
 0  2011-05-18 13:49:24

The only thing I can see from your description is that you are not grabbing the hex digest at the end, which I can only assume is what the server expects. Send this value instead:

hashed = signature.hexdigest()

Otherwise please post the documentation for this web service and make sure you are honoring case requirements (you never know...)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do you verify an RSA SHA1 signature in Python? How do you verify an RSA SHA1 signature in pyOpenSSL Python: How to verify sha1 rsa signature with pyopenssl? pyOpenSSL's PKCS7 object provide very little information, how can I get the sha1 digest of the public key in the signature Django : crypt password with SHA1 Trying to verify SHA1 message signature using Python. What am I doing wrong? django-registration and sha1 as hash algorithm How to refer to images stored in SHA1 hash form in django template downloaded by scrapy How do I sign a POST request using HMAC-SHA512 and the Python requests library? Why do I get a different SHA1 hash between Powershell and 32bit-Python on a system DLL?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM