I'm creating a signed request (SHA256 and base64) using Java and validating this request in Python. The keys that I generated are really similar:

Java:

UjuGTll3GF7H8MHWyJc41NAEcd-OZOeJLT9PiAevcsw

Python:

UjuGTll3GF7H8MHWyJc41NAEcd+OZOeJLT9PiAevcsw

The only difference happens with char + and char -. I cannot change the Java code because I don't have access to it; I only know that it uses javax.crypto.Mac. However, my Python code is:

import hmac
import hashlib
hmac.new(api_secret, url, hashlib.sha256).digest().encode('base64')

The variables api_secret and url have the same input in both languages (Java and Python).

What am I missing?

1 Answer

digest() returns a string, so encode is just the standard encode method. According to the list of standard encodings, specifying base64 as the encoding means that base64.encodestring will be used. The alphabet used by that function includes + and /, which are the last two characters in the standard Base64 alphabet:

>>> base64.encodestring(chr(248))
'+A==\n'

If you want an encoded string that uses - and _ instead of + and /, you need to use base64.urlsafe_b64encode:

>>> base64.urlsafe_b64encode(chr(248))
'-A=='

So you'd need to do something like:

base64.urlsafe_b64encode(hmac.new(api_secret, url, hashlib.sha256).digest())

For this to work, though, you need to check that the Java code is also producing _ instead of /, like urlsafe_b64encode.
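The check described above can also be made independent of which Base64 alphabet the Java side emits. The following is an added Python 3 example, not part of the original answer or the asker's code: it decodes the received signature (either alphabet, padded or not) and compares the raw HMAC bytes in constant time. The function names `sign`, `decode_signature` and `verify`, and the `SECRET` and `URL` values, are hypothetical and constructed for illustration; the two signature strings are the ones quoted in the question.

```python
import base64
import binascii
import hashlib
import hmac


def sign(api_secret: bytes, url: bytes) -> str:
    """HMAC-SHA256 of url as URL-safe Base64 ('-' and '_'), '=' padding stripped."""
    mac = hmac.new(api_secret, url, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode("ascii")


def decode_signature(sig: str) -> bytes:
    """Decode a Base64 signature in either alphabet, padded or not."""
    # Map the URL-safe characters onto the standard alphabet first.
    normalized = sig.strip().rstrip("=").replace("-", "+").replace("_", "/")
    normalized += "=" * (-len(normalized) % 4)  # restore the padding
    try:
        return base64.b64decode(normalized, validate=True)
    except (binascii.Error, ValueError):
        return b""  # malformed input can never equal a 32-byte MAC


def verify(api_secret: bytes, url: bytes, received_sig: str) -> bool:
    """Compare raw MAC bytes in constant time instead of the encoded text."""
    expected = hmac.new(api_secret, url, hashlib.sha256).digest()
    return hmac.compare_digest(expected, decode_signature(received_sig))


# Constructed sample values, not the asker's real secret or URL.
SECRET = b"example-secret"
URL = b"https://api.example.com/v1/items?id=42"

# The two signature strings quoted in the question.
JAVA_SIG = "UjuGTll3GF7H8MHWyJc41NAEcd-OZOeJLT9PiAevcsw"
PYTHON_SIG = "UjuGTll3GF7H8MHWyJc41NAEcd+OZOeJLT9PiAevcsw"

if __name__ == "__main__":
    urlsafe = sign(SECRET, URL)
    standard = urlsafe.replace("-", "+").replace("_", "/") + "="
    print(urlsafe, verify(SECRET, URL, urlsafe))
    print(standard, verify(SECRET, URL, standard))
    # Both strings from the question decode to the same 32 bytes.
    print(decode_signature(JAVA_SIG) == decode_signature(PYTHON_SIG))
```

Comparing decoded bytes means a difference in alphabet, padding or a trailing newline no longer causes a valid signature to be rejected, while a wrong MAC still fails.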
