28

I am taking message and key from this URL

import hmac
import hashlib
import base64
my = "/api/embedded_dashboard?data=%7B%22dashboard%22%3A7863%2C%22embed%22%3A%22v2%22%2C%22filters%22%3A%5B%7B%22name%22%3A%22Filter1%22%2C%22value%22%3A%22value1%22%7D%2C%7B%22name%22%3A%22Filter2%22%2C%22value%22%3A%221234%22%7D%5D%7D"
key = "e179017a-62b0-4996-8a38-e91aa9f1"
print(hashlib.sha256(my + key).hexdigest())

I am getting this result:

2df1d58a56198b2a9267a9955c31291cd454bdb3089a7c42f5d439bbacfb3b88

Expecting result:

adcb671e8e24572464c31e8f9ffc5f638ab302a0b673f72554d3cff96a692740
Venkatesh Panabaka
  • 2,064
  • 4
  • 19
  • 27

5 Answers5

41

You are not making use of hmac at all in your code.

Typical way to use hmac, construct an HMAC object from your key, message and identify the hashing algorithm by passing in its constructor:

h = hmac.new( key, my, hashlib.sha256 )
print( h.hexdigest() )

That should output 

adcb671e8e24572464c31e8f9ffc5f638ab302a0b673f72554d3cff96a692740

for your example data.

Neil Slater
  • 26,512
  • 6
  • 76
  • 94
  • ```h = hmac.new(base64.b32encode(key), my, hashlibsha256)``` to make sure that key is always valid bas32 encoded string. – shantanoo Aug 27 '23 at 04:49
35

For later versions of python, you need a mix of all of the other answers to get the OPs output. The hmac.new function wants the key argument to be of type bytes or bytearray, so running the code in Neil Slater's answer would produce the following error:

TypeError: key: expected bytes or bytearray, but got 'str'

Even if the key argument were fixed, the hmac.new function would then complain about the my string with the following error:

TypeError: Unicode-objects must be encoded before hashing

To fix both of these, the bytes function from Sujoy's answer and the encode method from Wilson Wu's answer are used to convert the variables into the correct types.

import hashlib
import hmac

# my and key as per question
my = "/api/embedded_dashboard?data=%7B%22dashboard%22%3A7863%2C%22embed%22%3A%22v2%22%2C%22filters%22%3A%5B%7B%22name%22%3A%22Filter1%22%2C%22value%22%3A%22value1%22%7D%2C%7B%22name%22%3A%22Filter2%22%2C%22value%22%3A%221234%22%7D%5D%7D"
key = "e179017a-62b0-4996-8a38-e91aa9f1"

# encoding as per other answers
byte_key = bytes(key, 'UTF-8')  # key.encode() would also work in this case
message = my.encode()

# now use the hmac.new function and the hexdigest method
h = hmac.new(byte_key, message, hashlib.sha256).hexdigest()

# print the output
print(h)

The output that this prints is

adcb671e8e24572464c31e8f9ffc5f638ab302a0b673f72554d3cff96a692740

exactly as the OP expected.

Bilbottom
  • 725
  • 8
  • 12
7

Some code for you, easy to use:

import hmac
import hashlib
import binascii

def create_sha256_signature(key, message):
    byte_key = binascii.unhexlify(key)
    message = message.encode()
    return hmac.new(byte_key, message, hashlib.sha256).hexdigest().upper()

create_sha256_signature("E49756B4C8FAB4E48222A3E7F3B97CC3", "TEST STRING")
Wilson Wu
  • 1,790
  • 19
  • 13
1

A note to Wilson WU's answer, if both the key and messages are hex, the returned value is wrong, just change below line of code to fix that ;

message = message.encode() ---> message = message.binascii.unhexlify(message)

M.Emin
  • 63
  • 7
1

It may be too late. Yet, posting what worked for me just in case it works for someone else -

import hmac
import hashlib
import base64

access_token = <your token in string format>
app_secret = <your secret access key in string format>

# use any one, all three options work.
# OPTION 1 (it works)
# digest = hmac.new(app_secret.encode('UTF-8'),
#                   access_token.encode('UTF-8'), hashlib.sha256)
# OPTION 2 (it works)
# digest = hmac.new(str.encode(app_secret),
#                   str.encode(access_token), hashlib.sha256)
# OPTION 3 (it works)
digest = hmac.new(bytes(app_secret, 'UTF-8'),
                bytes(access_token, 'UTF-8'), hashlib.sha256)
signature = digest.hexdigest()
print(signature)
Sujoy
  • 1,186
  • 1
  • 9
  • 12