Base64 HMAC SHA1 VBA中的字符串 [英] Base64 HMAC SHA1 String in VBA
问题描述
我正在尝试将ASP / VBScript OAuth库转换为VBA。其中一个挑战是这一行代码:
Get_Signature = b64_hmac_sha1(strSecret,strBaseSignature)
此函数b64_hmac_sha1实际上是JavaScript库中包含的函数。在我看来,从VBA调用JavaScript函数是不切实际的。
因为我对加密知之甚少,所以对于这个b64_hmac_sha1函数来说,这甚至不清楚。 HMAC SHA1是否与SHA1不同?
我怀疑我可能会在线找到一些VBA代码,做我需要做的,如果我只是了解这个功能是什么其实在做。如果我没有找到一个现有的函数,我可以编写一个使用.NET加密库(你可以从VBA调用.NET加密库,如果你知道如何)。
我不是在寻找有人把这个JavaScript转换成VBA。我只是想了解这个b64_hmac_sha1函数输出的是什么,所以我可以尝试找到在VBA中实现相同输出的方法。
一个副本的这个JavaScript库可以在这个网站上看到。您将不得不通过VBScript向下滚动到JavaScript部分。
Edit1:
好的,所以这里是我最后写的和使用的功能:
公共功能Base64_HMACSHA1(ByVal sTextToHash As String,ByVal sSharedSecretKey As String)
Dim asc As Object,enc As Object
Dim TextToHash ()As Byte
Dim SharedSecretKey()As Byte
Set asc = CreateObject(System.Text.UTF8Encoding)
设置enc = CreateObject(System.Security.Cryptography.HMACSHA1)
TextToHash = asc.Getbytes_4(sTextToHash)
SharedSecretKey = asc.Getbytes_4(sSharedSecretKey)
enc.Key = SharedSecretKey
Dim bytes()As Byte
bytes = enc.ComputeHash_2((TextToHash))
Base64_HMACSHA1 = EncodeBase64(bytes)
Set asc = Nothing
设置enc = Nothing
结束函数
私有函数EncodeBase64(ByRef arrData()As Byte)As String
Dim objXML As MSXML2.DOMDocument
Dim objNode As MSXML2.IXMLDOMElement
设置objXML =新的MSXML2.DOMDocument
'字节数组到base64
设置objNode = objXML.createElement(b64)
objNode.DataType =bin .base64
objNode.nodeTypedValue = arrData
EncodeBase64 = objNode.Text
设置objNode = Nothing
设置objXML =没有
结束功能
使用此功能:
Debug.Print Base64_HMACSHA1(abc,123)
VAsMU9SSWDe9krP3Gr56nXC2dsQ =
HMAC是将哈希函数(如SHA1)转换为消息认证码(MAC)。
正常哈希函数没有与之相关联的任何秘密数据。这意味着任何人都可以计算摘要,假设它们具有原始输入。 HMAC使用秘密密钥,因此只有那些拥有密钥的人可以计算输出。
假设我有一个文件file.txt。我想把这个发送给你,我们需要确保没有人篡改。对不起,我没有聪明的方式来代表这个只是文字。
我 - > file.txt - >你
我 - > SHA1(file.txt) - >您
然后,通过计算您自己的SHA1摘要来验证结果,并验证其与我发送给您的结果。
现在假设攻击者在中间。不幸的是,由于没有秘密涉及,攻击者可以修改文件,并计算自己的文件/摘要对。当你计算你的版本,它会匹配他发给你的,你不会更聪明。
我 - > file.txt - >攻击者 - > modified.txt - >你
我 - > SHA1(file.txt) - >攻击者 - > SHA1(modified.txt) - >你
使用HMAC,我们在计算中添加一个秘密密钥。
我 - > file.txt - >你
我 - > SHA1_HMAC(file.txt,our_secret) - >您
当您计算版本时,您也应用密钥,结果匹配。攻击者,无关键的知识,无法取代摘要。
我 - > file.txt - >攻击者 - > modified.txt - >你
我 - > SHA1(file.txt) - >攻击者 - > SHA1_HMAC(modified.txt,//不知道键) - >你
HMAC是一种非常具体的添加秘密密钥的方法。不幸的是,将密钥连接到文件末尾或在散列之前预先挂起的简单方法容易受到不同的攻击(例如长度扩展攻击)。
B64是Base64编码输出,使其变得漂亮。
这个代码最终在做什么是采取一些输入和一些秘密密钥,并计算一个160位的摘要,并对base64进行编码。
有一个实现 SHA1 HMAC in .NET
这个看起来像是用于VBA的Base64的实现
我希望这个答案足够好,还是够清楚。如果文字混乱,请通知我。我尝试了几条如何表达它的路线,没有一个看起来很清楚。
I'm trying to convert an ASP/VBScript OAuth library to VBA. One of the challenges is this line of code:
Get_Signature = b64_hmac_sha1(strSecret, strBaseSignature)
This function, b64_hmac_sha1 is actually a function contained in a JavaScript library. It appears to me that calling a JavaScript function from VBA is fairly impractical.
Because I know so little about encryption, it's not even clear to me what this b64_hmac_sha1 function does. Is HMAC SHA1 different from SHA1?
I half suspect I might be able to find some VBA code online to do what I need to do if I just understood what this function is actually doing. If I do not find an existing function, I could possibly write one that would use the .NET Cryptography library (you can actually call the .NET cryptography libraries from VBA if you know how).
I'm not looking for someone to convert this JavaScript to VBA. I'm only trying to understand what it is that this b64_hmac_sha1 function is outputting so I can try to find ways to achieve the same output in VBA if possible.
A copy of this JavaScript library is visible on this website. You'll have to scroll down past the VBScript to the JavaScript section. http://solstice.washington.edu/solstice/ASP_Signing_REST_Example
Edit1:
OK, so here's the functions I ended up writing and using:
Public Function Base64_HMACSHA1(ByVal sTextToHash As String, ByVal sSharedSecretKey As String)
Dim asc As Object, enc As Object
Dim TextToHash() As Byte
Dim SharedSecretKey() As Byte
Set asc = CreateObject("System.Text.UTF8Encoding")
Set enc = CreateObject("System.Security.Cryptography.HMACSHA1")
TextToHash = asc.Getbytes_4(sTextToHash)
SharedSecretKey = asc.Getbytes_4(sSharedSecretKey)
enc.Key = SharedSecretKey
Dim bytes() As Byte
bytes = enc.ComputeHash_2((TextToHash))
Base64_HMACSHA1 = EncodeBase64(bytes)
Set asc = Nothing
Set enc = Nothing
End Function
Private Function EncodeBase64(ByRef arrData() As Byte) As String
Dim objXML As MSXML2.DOMDocument
Dim objNode As MSXML2.IXMLDOMElement
Set objXML = New MSXML2.DOMDocument
' byte array to base64
Set objNode = objXML.createElement("b64")
objNode.DataType = "bin.base64"
objNode.nodeTypedValue = arrData
EncodeBase64 = objNode.Text
Set objNode = Nothing
Set objXML = Nothing
End Function
Using this function:
Debug.Print Base64_HMACSHA1("abc", "123")
VAsMU9SSWDe9krP3Gr56nXC2dsQ=
HMAC is a construct for turning a hash function, like SHA1, into a Message Authentication Code (MAC).
Normal hash functions don't have any secret data associated with it. This means that anyone can compute the digest, assuming they have the original input. HMAC uses a secret key, so that only those in possession of the key can compute outputs.
Suppose I have a file, file.txt. I want to send this to you, and we need to make sure nobody tampers with it. Sorry, I have no clever way to represent this with just text.
me -> file.txt -> you
me -> SHA1(file.txt) -> you
Then you verify the result by computing your own SHA1 digest, and verifying it matches what I sent you.
Now suppose an attacker was in the middle. Unfortunately, because there is no secret involved, the attacker can modify the file, and compute his own file/digest pair. When you compute your version, it'll match what he sent you, and you'll be none the wiser.
me -> file.txt -> attacker -> modified.txt -> you
me -> SHA1(file.txt) -> attacker -> SHA1(modified.txt) -> you
With HMAC, we add a secret key to the computation.
me -> file.txt -> you
me -> SHA1_HMAC(file.txt, our_secret) -> you
When you compute your version, you apply the secret key as well, and the result matches. The attacker, without knowledge of the key, can't replace the digest.
me -> file.txt -> attacker -> modified.txt -> you
me -> SHA1(file.txt) -> attacker -> SHA1_HMAC(modified.txt, // DOESN'T KNOW KEY) -> you
HMAC is a very specific way of adding the secret key. Unfortunately, simple methods of just concatenating a key to the end of the file, or pre-pending it before hashing, are vulnerable to different attacks (length extension attacks, for example).
The B64 is Base64 encoding the output, to make it pretty.
What this code is ultimately doing is taking some input, and some secret key, and computing a 160-bit digest, and base64 encoding the result.
There is an implementation of SHA1 HMAC in .NET
This looks like an implementation of Base64 for VBA
I hope this answers it well enough, or clear enough. If the text is confusing, please let me know. I tried a couple routes of how to express it, and none of them seemed that clear.
这篇关于Base64 HMAC SHA1 VBA中的字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
