Menu
▾
▴
Re: [naviserver-devel] What to do when [ns_base64encode] doesn't encrypt properly after the 63rd char?
|
From: <iu...@iu...> - 2020-05-26 16:06:43
|
<html><body><span style="font-family:Verdana; color:#000000; font-size:10pt;"><div>Thanks Gustaf,</div><div>It works now.</div><div><br></div><div>p.s. I don't understand why the subject of this thread got replaced with a previous thread that I opened.</div><div class="p1" style="">The original email that I sent has the subject: <span style="font-size: 10pt;">"Verifying HMAC signature [ns_crypto::hmac ...]"</span></div><div><br></div>
<blockquote id="replyBlockquote" webmail="1" style="border-left: 2px solid blue; margin-left: 8px; padding-left: 8px; font-size:10pt; color:black; font-family:verdana;">
<div id="wmQuoteWrapper">
-------- Original Message --------<br>
Subject: Re: [naviserver-devel] What to do when [ns_base64encode]<br>
doesn't encrypt properly after the 63rd char?<br>
From: Gustaf Neumann <<a href="mailto:ne...@wu...">ne...@wu...</a>><br>
Date: Tue, May 26, 2020 12:27 am<br>
To: <a href="mailto:nav...@li...">nav...@li...</a><br>
<br>
<div>Iuri, <br> </div> <div>The nsc_crypto::hmac performs the HMAC (Keyed-Hashing for <br> Message Authentication) as specified in RFC 2104, using a symmetric <br> key provided via argument.<br> <br> The HMAC can be verified the same way as a plain digest (without a secret):<br> If a received HMAC (or digest) should be verified, it must be recomputed.<br> In the case of the HMAC, the receiver has to know the secret. <br> <br> I see no need for an extra API call:<br> </div> <divre>===========================================================================
set secret_key "foobar1234"
set data "This is my data"
set HMAC [ns_crypto::hmac string -digest sha256 $secret_key $data]
#
# To verify a received HMAC , one needs the key and the data as well
#
if { $HMAC eq [ns_crypto::hmac string -digest sha256 $secret_key $data] } {
ns_log notice "Data verified"
}
===========================================================================
</pre> <p>The ns_crypto interface provides as well the interface based on key files<br> (PEM files) provided for "ns_crypto::md". In the case of the pem <br> files, it is more effort to extract keys, since there exists several <br> algorithms, key types etc., which are in specified inside the PEM <br> files. Therefore, this interface works for multiple key types, <br> include RSA and elliptic curves.<br> <br> In this variant, the message key can be signed with <br> </div> <divre> set sig [::ns_crypto::md string ... -sign PEM ...]</pre> <p>and verified with <br> </div> <divre> ::ns_crypto::md string ... -verify PEM -signature $sig ...</pre> <p>Below is the example from the man page.<br> </div> <div>all the best<br> -gn<br> </div> <divre>===========================================================================
% set sig [::ns_crypto::md string \
-digest sha1 \
-encoding binary \
-sign /usr/local/src/naviserver/myprivate.pem \
"abcdefghijklmnopqrstuxvwxyz\n"]
% set vfy [::ns_crypto::md string \
-digest sha1 \
-verify /usr/local/src/naviserver/myprivate.pem \
-signature $sig \
"abcdefghijklmnopqrstuxvwxyz\n"]
1
===========================================================================
</pre> <p><br> </div> <div><br> </div> <hr><hr>_______________________________________________<br>
naviserver-devel mailing list<br>
<a href="mailto:nav...@li...">nav...@li...</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/naviserver-devel">https://lists.sourceforge.net/lists/listinfo/naviserver-devel</a><br>
</div>
</blockquote></span></body></html>
|
