7

I'm trying to send a SHA256 hashed string over HTTP to a server, where I want to authenticate by performing a SHA256 hash and verifying the two match. For testing purposes I'm using the same string, however my results do not match up. Could this be something with default encoding schemes for my base64_encode calls? Thanks.

In PHP I'm doing:

$sha = hash("sha256", $url, true);
$sha = base64_encode(urlencode($sha));

And in Go I'm doing

//convert string to byte slice
converted := []byte(to_hash)

//hash the byte slice and return the resulting string
hasher := sha256.New()
hasher.Write(converted)
return (base64.URLEncoding.EncodeToString(hasher.Sum(nil)))
hakre
  • 193,403
  • 52
  • 435
  • 836
user387049
  • 6,647
  • 8
  • 53
  • 55
  • 1
    make sure the two strings are absolutely identical before you start working on them. you could have a hidden char (linebreak, space, tab, etc...) at the tail end in one of the languages, which will completely alter the hash value. – Marc B Apr 19 '13 at 19:03
  • Make sure you're using the same string encoding. – SLaks Apr 19 '13 at 19:04
  • I'm using the word "test" hardcoded in on both sides just to make sure, still not working. – user387049 Apr 19 '13 at 19:05

1 Answers1

6

I was able to figure it out after a while. I standardized both to hexadecimal encoding. To accomplish this I changed the code as follows:

PHP:

$sha = hash("sha256", $url, false); //false is default and returns hex
//$sha = base64_encode(urlencode($sha)); //removed

Go:

//convert string to byte slice
converted := []byte(to_hash)

//hash the byte slice and return the resulting string
hasher := sha256.New()
hasher.Write(converted)
return (hex.EncodeToString(hasher.Sum(nil))) //changed to hex and removed URLEncoding
user387049
  • 6,647
  • 8
  • 53
  • 55