12

Can anybody tell me why Amazon wants a base64 of the hmac-sha1/sha256 hash?

http://docs.amazonwebservices.com/AmazonSimpleDB/latest/DeveloperGuide/HMACAuth.html

I know that base64 is to represent binary data in ASCII, but sha1/sha256 is already ASCII – I mean it's only hex.

Thanks

Timo

tuna

2 Answers

25

Those hashes are not ASCII–the reason you see hex digits is because the software you use to generate them takes the binary output of the digest and turns it into an ASCII string of hex digits.

For instance, the MD5 digest will fill an array of 16 bytes. You can also represent it as a string of 32 characters, but the most basic form of the digest is still the array of bytes.

When you change an array of bytes into a hex string, you need 8 bits (one full character) to represent every 4 bits of data. Although it's not frequently called that way, you could say that this uses "base16" encoding, since you're grabbing 4 bits at a time and mapping them to a 16-character alphabet.

Base64, on the other hand, grabs 6 bits at a time and maps them to a 64-character alphabet. This means that you need 8 bits (again, one full character) to represent every 6 bits of data, which has half the wasted bits of base16. A base16-encoded string will always be twice as big as the original; a base64-encoded string will only be four thirds as big. For a SHA256 hash, base16 does 64 bytes, but base64 does approximately 43.

zneak
  • @zneak Is space efficiency the reason to use Base64 encoding on a hash? Isn't it that if we need to send this hash, we need that hash to be representable as text, and Base64 does that by limiting the binary data to a set of 64 mostly overlapping characters from most of the common encodings? – crackerplace Sep 29 '14 at 14:31
  • @zneak I mean by giving the hash a presentable form on any computer. – crackerplace Sep 29 '14 at 14:38
  • 1
    @whokares, both hex encoding and base64 will turn a hash into a valid ASCII string. If you care about nothing but that, either will work. However, a hex string (where bytes are each represented as two ASCII characters between 0 and F) will take twice as much space as the original, while the base64 version will only take four thirds as much space. A hex-encoded SHA-256 is 64 bytes, while a base64-encoded SHA-256 is more or less 43 bytes. – zneak Sep 29 '14 at 14:45
  • @zneak. kool, thanks. To answer the question in a different way, Amazon needs the hash to be sent in Base64 format so that the hash doesn't get garbled during the request transit, and for that it needs to be in printable text format. Of course this is the definition of encoding :-). – crackerplace Sep 29 '14 at 14:57
8

For example, the bytes, hex, and base64 samples below encode the same bytes:

  • bytes: 243 48 133 140 73 157 28 136 11 29 189 101 194 101 116 64 172 227 220 78
  • hex: f330858c499d1c880b1dbd65c2657440ace3dc4e
  • base64: 8zCFjEmdHIgLHb1lwmV0QKzj3E4=

It's only that AWS requires its values to be base64 encoded.

Dan D.
  • Ok, but are there any benefits of using base64 instead of hex? I mean why does Amazon use base64 and not hex? – tuna Mar 12 '12 at 09:53
  • 3
    base64 encodes the same values in fewer ASCII characters. And because they also use public key signatures which are commonly encoded with base64 in their requests, they might have thought that using the one encoding for all the values made sense. – Dan D. Mar 12 '12 at 12:28
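The point both answers make, as an added example that is not part of the original posts: the HMAC output is raw bytes, hex and base64 are two text encodings of those bytes, and a receiver should decode whichever one it is given and compare the bytes. The key, the string to sign and the function names are constructed for illustration and do not reproduce Amazon's request format.

```python
import base64
import hashlib
import hmac

# Constructed sample values: not real credentials or a real AWS request.
KEY = b"constructed-example-secret"
STRING_TO_SIGN = b"GET\nsdb.example.invalid\n/\nAction=ListDomains"


def sign(key, message):
    """HMAC-SHA256 digest as raw bytes (32 of them); this is the signature."""
    return hmac.new(key, message, hashlib.sha256).digest()


def as_text(raw):
    """The two printable encodings of the same raw bytes."""
    return {"hex": raw.hex(), "base64": base64.b64encode(raw).decode("ascii")}


def decode_signature(text, encoding):
    """Turn a received signature string back into bytes; None if malformed."""
    try:
        if encoding == "hex":
            return bytes.fromhex(text)
        if encoding == "base64":
            return base64.b64decode(text, validate=True)
    except ValueError:  # covers binascii.Error for bad base64 as well
        return None
    return None


def verify(key, message, signature_text, encoding):
    """Compare on decoded bytes, in constant time, never on the text form."""
    presented = decode_signature(signature_text, encoding)
    if presented is None:
        return False
    return hmac.compare_digest(sign(key, message), presented)


if __name__ == "__main__":
    raw = sign(KEY, STRING_TO_SIGN)
    text = as_text(raw)
    print(len(raw), "raw bytes")
    print(len(text["hex"]), "hex chars:", text["hex"])
    print(len(text["base64"]), "base64 chars:", text["base64"])
    print("hex accepted:", verify(KEY, STRING_TO_SIGN, text["hex"], "hex"))
    print("base64 accepted:", verify(KEY, STRING_TO_SIGN, text["base64"], "base64"))
    # Same hex string, wrong declared encoding: decodes to 48 other bytes.
    print("hex read as base64:", verify(KEY, STRING_TO_SIGN, text["hex"], "base64"))
```

A hex string is also syntactically valid base64, so the receiver has to know which encoding the sender used; guessing from the text alone yields different bytes and a failed comparison.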