Using JavaScript to properly sign a string using HmacSHA256

Problem description

In the Houndify API Docs for Authentication, you have the following block of content:

Let's assume we have the following information:

    UserID: ae06fcd3-6447-4356-afaa-813aa4f2ba41
    RequestID: 70aa7c25-c74f-48be-8ca8-cbf73627c05f
    Timestamp: 1418068667
    ClientID: KFvH6Rpy3tUimL-pCUFpPg==
    ClientKey: KgMLuq-k1oCUv5bzTlKAJf_mGo0T07jTogbi6apcqLa114CCPH3rlK4c0RktY30xLEQ49MZ-C2bMyFOVQO4PyA==

1. Concatenate the UserID string, RequestID string, and TimeStamp string in the following format: {user_id};{request_id}{timestamp}

2. With the values from the example, the expected output would be in this case: ae06fcd3-6447-4356-afaa-813aa4f2ba41;70aa7c25-c74f-48be-8ca8-cbf73627c05f1418068667

3. Sign the message with the decoded ClientKey. The result is a 32-byte binary string (which we can’t represent visually). After base-64 encoding, however, the signature is: myWdEfHJ7AV8OP23v8pCH1PILL_gxH4uDOAXMi06akk=

The client then generates two authentication headers Hound-Request-Authentication and Hound-Client-Authentication.

The Hound-Request-Authentication header is composed by concatenating the UserID and RequestID in the following format: {user-id};{request-id}. Continuing the example above, the value for this header would be:

    Hound-Request-Authentication: ae06fcd3-6447-4356-afaa-813aa4f2ba41;70aa7c25-c74f-48be-8ca8-cbf73627c05f

The Hound-Client-Authentication header is composed by concatenating the ClientID, the TimeStamp string and the signature in the following format: {client-id};{timestamp};{signature}. Continuing the example above, the value for this header would be:

    Hound-Client-Authentication: KFvH6Rpy3tUimL-pCUFpPg==;1418068667;myWdEfHJ7AV8OP23v8pCH1PILL_gxH4uDOAXMi06akk=






For Number 3, it says "Sign the message with the decoded ClientKey". The "message" and "ClientKey" are two distinct strings.

My question(s): How do you sign one string with another string i.e. what exactly does that mean? And how would you do that in JavaScript?

var message = 'my_message';
var key = 'signing_key';

//??what next??

I'm trying to figure all this out so I can create a pre-request script in Postman to do a proper HmacSHA256 hash.

Recommended answer

According to the documentation, if you're using one of their SDKs, it will automatically authenticate your requests:


SDKs already handle authentication for you. You just have to provide the SDK with the Client ID and Client Key that was generated for your client when it was created. If you are not using an SDK, use the code example to the right to generate your own HTTP headers to authenticate your request.

However, if you want to do it manually, I believe you need to compute the HMAC value of the string they describe in the link in your question and then send it base64 encoded as part of the Hound-Client-Authentication header in your requests. They provide an example for node.js:

var uuid = require('node-uuid');
var crypto = require('crypto');

function generateAuthHeaders (clientId, clientKey, userId, requestId) {

    if (!clientId || !clientKey) {
        throw new Error('Must provide a Client ID and a Client Key');
    }

    // Generate a unique UserId and RequestId.
    userId      = userId || uuid.v1();

    // keep track of this requestId, you will need it for the RequestInfo Object
    requestId   = requestId || uuid.v1();

    var requestData = userId + ';' + requestId;

    // keep track of this timestamp, you will need it for the RequestInfo Object
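    var timestamp   = Math.floor(Date.now() / 1000),

        // The Client Key is URL-safe base64; map it back to the standard alphabet before decoding
        unescapeBase64Url = function (key) {
            return key.replace(/-/g, '+').replace(/_/g, '/');
        },

        // Map the standard base64 signature to the URL-safe alphabet (padding is kept)
        escapeBase64Url = function (key) {
            return key.replace(/\+/g, '-').replace(/\//g, '_');
        },

        // HMAC-SHA256 over the message, keyed with the decoded bytes of the Client Key
        signKey = function (clientKey, message) {
            // Buffer.from replaces the deprecated new Buffer(string, encoding) constructor
            var key = Buffer.from(unescapeBase64Url(clientKey), 'base64');
            var hash = crypto.createHmac('sha256', key).update(message).digest('base64');
            return escapeBase64Url(hash);
        },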

        encodedData = signKey(clientKey, requestData + timestamp),
        headers = {
            'Hound-Request-Authentication': requestData,
            'Hound-Client-Authentication': clientId + ';' + timestamp + ';' + encodedData
        };

    return headers;
};
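
What "signing one string with another" means from the receiving side, as an added example that is not part of the original answer or the Houndify documentation: a verifier recomputes the HMAC from the two headers and compares it in constant time. `verifyHeaders`, `lookupClientKey` and the 300-second freshness window are assumptions made for illustration; the sample values are the ones quoted in the question.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// URL-safe base64 <-> standard base64; padding is kept, as in the documentation's sample values.
const fromUrlSafe = (s) => s.replace(/-/g, '+').replace(/_/g, '/');
const toUrlSafe = (s) => s.replace(/\+/g, '-').replace(/\//g, '_');

// Signing = HMAC-SHA256 over the message, keyed with the *decoded bytes* of the ClientKey.
function sign(clientKey, userId, requestId, timestamp) {
  const key = Buffer.from(fromUrlSafe(clientKey), 'base64');
  const message = `${userId};${requestId}${timestamp}`;
  return toUrlSafe(createHmac('sha256', key).update(message, 'utf8').digest('base64'));
}

// Hypothetical receiver-side check: rebuild the message from the headers and compare signatures.
// maxSkewSeconds is an assumed freshness window, not a documented value.
function verifyHeaders(headers, lookupClientKey, nowSeconds, maxSkewSeconds = 300) {
  const reqParts = String(headers['Hound-Request-Authentication'] || '').split(';');
  const cliParts = String(headers['Hound-Client-Authentication'] || '').split(';');
  if (reqParts.length !== 2 || cliParts.length !== 3) return false;
  const [userId, requestId] = reqParts;
  const [clientId, timestamp, signature] = cliParts;
  if (!/^\d+$/.test(timestamp)) return false;
  if (Math.abs(nowSeconds - Number(timestamp)) > maxSkewSeconds) return false;
  const clientKey = lookupClientKey(clientId);
  if (!clientKey) return false;
  const expected = Buffer.from(sign(clientKey, userId, requestId, timestamp));
  const received = Buffer.from(signature);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return expected.length === received.length && timingSafeEqual(expected, received);
}

// Sample values from the documentation excerpt quoted in the question.
const sample = {
  userId: 'ae06fcd3-6447-4356-afaa-813aa4f2ba41',
  requestId: '70aa7c25-c74f-48be-8ca8-cbf73627c05f',
  timestamp: 1418068667,
  clientId: 'KFvH6Rpy3tUimL-pCUFpPg==',
  clientKey: 'KgMLuq-k1oCUv5bzTlKAJf_mGo0T07jTogbi6apcqLa114CCPH3rlK4c0RktY30xLEQ49MZ-C2bMyFOVQO4PyA==',
};

// Builds both headers for the sample request, the way a client would.
function buildSampleHeaders() {
  const sig = sign(sample.clientKey, sample.userId, sample.requestId, sample.timestamp);
  return {
    'Hound-Request-Authentication': `${sample.userId};${sample.requestId}`,
    'Hound-Client-Authentication': `${sample.clientId};${sample.timestamp};${sig}`,
  };
}
```

Passing the ClientKey to the HMAC as a plain string instead of decoding it first produces a different signature, which is the usual cause of a mismatch when porting this to another HMAC library.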
