How to Get Ruby Generated Hmac for Sha256 That Is Url Safe to Match Java

  • Home
  • Languages
  • Java
  • How to Get Ruby Generated Hmac for Sha256 That Is Url Safe to Match Java

How to get Ruby generated HMAC for SHA256 that is url safe to match Java?

Ruby does not remove the trailing '=' - it is not an absolute requirement, as you can read in RFC 4648 it just states that removing them might be desirable in certain applications. But other than that it is guaranteed that Ruby's URL-safe encoding will be exactly the same as Java's.

So the only thing for you to do is strip off the trailing '==', you could for example use a regex:

encoded_url_safe_.gsub!(/=+$/, "")

Convert C# to Ruby - HMAC SHA256 function

Finally got the monkey of my back!

I don't really need to create a sha256 digest object after all, I just had to put the 'sha256' parameter.

require 'openssl'
require "base64"
#API_KEY = base64 encoded string
key = Base64.decode64(API_KEY)
hash  = OpenSSL::HMAC.digest('sha256', key, "Message")
puts Base64.encode64(hash)

thanks to this link

Node HMAC results differ from both Ruby and Java

Looks like the issue was a conflict in requirements. They wanted a \n to separate parameters and to have it included on the last pair as well. But they also wanted all white space trimmed.

If the trim was done at the end, it was removing that last \n. The trim needed to be done while building the pairs, while leaving \n on all pairs, including the last one.

Clojure (or Java) equivalent to Ruby's HMAC.hexdigest

You are Base64 encoding the digest, whereas you need to convert it to hex. You can do this as @RedDeckWins recommends using map, but it would probably be more efficient to use a Java library. This answer to a similar question uses org.apache.commons.codec.binary.Hex to do the encoding.

For PBKDF2, using HMAC-SHA256 is more secure than using HMAC-SHA-1?

Pro #1: SHA-256 is a longer hash than SHA-1 (256 bits vs. 160 bits), so the chances of finding a collision using pure brute force are much lower. Even with the iteration counts adjusted so that the time to compute a single PBKDF2 hash is the same, you will have to hash 2^96 times as many random inputs to get a match with PBKDF2-SHA-256 than with PBKDF2-SHA-1

Con #1: No one attacks password hashes using pure brute force, they use dictionary attacks, hybrid dictionary attacks, and limited-character-set attacks. All of these use a limited input space small enough that neither PBKDF2-SHA-1 nor PBKDF2-SHA-256 are likely to have any natural collisions. The limited password search space makes the size of the hash irrelevant as long as it's "big enough", and so the only thing affecting the difficulty of an attack is the time to compute a single PBKDF2 hash. Besides, PBKDF2 has a way of stretching the output length to be longer than the underlying hash length, so you can actually make the two have an equivalent output space.

Pro #2: SHA-1 is at least partially broken; cryptanalysis has resulted in attacks that can find collisions faster than brute force. Once an attack is found you can usually expect it to be improved upon — this means that the suitability of SHA-1 for anything that needs to be secure more than a few minutes into the future is in doubt.

Con #2: SHA-1 is "broken" in theory, but the attacks that have been found are still extremely expensive, and as far as I know they're all birthday attacks (which don't help you break a password database) and not pre-image attacks (which do). Furthermore, because PBKDF2 uses many iterations of the hash, combining rounds of hash output with the password over and over, it's difficult to extend an attack on the hash into an attack on PBKDF2. It would take a very grave attack on SHA-1 to make PBKDF2-SHA-1 insecure.

Overall, I think you should prefer PBKDF2-SHA-256 on general principle, but if it's not available, PBKDF2-SHA-1 is still widely-used and a reasonable option for medium-security password hashing at this time.

Calculate HMAC-SHA256 digest in ColdFusion using Java

This is what I ended up doing:

secret = createObject('java', 'javax.crypto.spec.SecretKeySpec' ).Init(my_key.GetBytes(), 'HmacSHA256');
mac = createObject('java', "javax.crypto.Mac");
mac = mac.getInstance("HmacSHA256");
mac.init(secret);
digest = mac.doFinal(my_data.GetBytes());

This gives you the byte array, which you can then convert to a string.


Related Topics

Kotlin-Android: Unresolved Reference Databinding

Android Color Notification Icon

Pixel-Perfect Collision Detection Android

Android 2.2 Wifi Hotspot API

Importing External .Jar File to Android Project

When Onbindviewholder Is Called and How It Works

Attempt to Re-Open an Already-Closed Object: SQLitedatabase

What Does '->' (Arrow) Mean in Gradle's Dependency Graph

How to Exclude an Element from a Firestore Query

Android (Java) Simple Send and Receive with Server - Fast Setup Challenge

Changing Openssl Library in Android App for Httpclient

How to Make Edittext Not Focused When Creating Activity

How to Send Array of Params Using Volley in Android

Getlocationonscreen() VS Getlocationinwindow()

Adb Over Wireless

How to Use Flood Fill Algorithm in Android

Didn't Find Class "Androidx.Core.App.Corecomponentfactory"

Wrong Version of Keystore on Android Call


Leave a reply



Submit