hmac-sha1 in ruby differs from C# HMACSHA1

Question

I am trying to test the API from ankoder.com and have problem on the digest calculation for the authentication token . The sample is ruby while I am trying to call from C#. When I compare the digest result between in HMAC-SHA1, I got issues with the passkey result.

To make it easy to test here is the code:

require 'hmac-sha1'
require 'digest/sha1'
require 'base64'
token="-Sat, 14 Nov 2009 09:47:53 GMT-GET-/video.xml-"
private_key="whatever"
salt=Digest::SHA1.hexdigest(token)[0..19]
passkey=Base64.encode64(HMAC::SHA1.digest(private_key, salt)).strip

Which gives me the result: "X/0EngsTYf7L8e7LvoihTMLetlM=\n" If I try this in C# with the following:

const string PrivateKey = "whatever";

var date = "Sat, 14 Nov 2009 09:47:53 GMT";//DateTime.Now.ToUniversalTime().ToString("ddd, dd MMM yyyy HH:mm:ss") + " GMT";
string token=string.Format("-{0}-GET-/video.xml-", date);

var salt_binary=SHA1.Create().ComputeHash(Encoding.ASCII.GetBytes(token));
var salt_hex=BitConverter.ToString(salt_binary).Replace("-", "").ToLower();
var salt =salt_hex.Substring(0,20);

var hmac_sha1 =
            new HMACSHA1(Encoding.ASCII.GetBytes(salt));
hmac_sha1.Initialize();

var private_key_binary = Encoding.ASCII.GetBytes(PrivateKey);
var passkey_binary = hmac_sha1.ComputeHash(private_key_binary,0,private_key_binary.Length);

var passkey = Convert.ToBase64String(passkey_binary).Trim();

The salt result is the same, but the passkey result is different- C# gives me :

QLC68XjQlEBurwbVwr7euUfHW/k=

Both generates the salt: f5cab5092f9271d43d2e

Any good idea what has happened?

Answer 1

You've put PrivateKey and salt in the wrong positions in your C# code; per your Ruby code, PrivateKey is meant to be the HMAC's secret key.

Also be aware that you've included a newline at the end of the hash produced by your Ruby program (according to your sample output, anyway). You must not include the newline or the hashes won't match.

This C# program corrects the first issue:

using System;
using System.Security.Cryptography;
using System.Text;

namespace Hasher
{
  class Program
  {
    static void Main(string[] args)
    {
      const string PrivateKey = "whatever";

      string date = "Sat, 14 Nov 2009 09:47:53 GMT";
      string token = string.Format("-{0}-GET-/video.xml-", date);

      byte[] salt_binary = SHA1.Create().ComputeHash(Encoding.ASCII.GetBytes(token));
      string salt_hex = BitConverter.ToString(salt_binary).Replace("-", "").ToLower();
      string salt = salt_hex.Substring(0, 20);

      HMACSHA1 hmac_sha1 = new HMACSHA1(Encoding.ASCII.GetBytes(PrivateKey));
      hmac_sha1.Initialize();

      byte[] private_key_binary = Encoding.ASCII.GetBytes(salt);
      byte[] passkey_binary = hmac_sha1.ComputeHash(private_key_binary, 0, private_key_binary.Length);

      string passkey = Convert.ToBase64String(passkey_binary).Trim();
    }
  }
}

Answer 2

I see 2 issues,

1. You got key/data reversed. In Ruby, private_key is the key and the salt is the data. In C#, you did the opposite.
2. If non-ASCII is allowed in any of your strings, you have to make sure you use same encoding. Ruby treats everything as raw bytes so the C# has to match its encoding. If jcode is used, the encoding in C# should match $KCODE.