“消息”:“请求失败的哈希比较”

时间:2018-06-27 14:56:48

标签: javascript node.js

我正在尝试使用REST Api来检索会话密钥,并且检索会话密钥的说明为

  1. 使用Aes256。创建一个IV,然后将其转换为base64,然后将其传递到iv标头中
  2. 将JSON对象(包含请求主体参数)序列化为字节数组
  3. 生成加密密钥的字节数组,并使用它生成未加密的JSON对象Byte数组的HMACSHA512哈希并将其作为x哈希传递到标头中
  4. 使用AES256使用加密密钥字节数组和Iv对步骤2中的字节数组进行加密。

我没有访问服务器端代码的权限,但是它是C#,并且在我发送请求时它以{"Message":"Request failed hash compare"}响应。我非常确定,该错误意味着数据正在被解密,但未正确解密,因为当它尝试将解密后的有效负载的哈希值与我在标头中传递的哈希值进行比较时会失败。我知道我的加密是正确的,因为当我将预加密的有效负载与解密的有效负载进行比较时,它们是完全相同的。有人可以告诉我服务器端C#代码为何/为什么不以相同的方式解密吗?

var aes = require('aes-js');
var crypto = require('crypto');
var request = require('request');
var aesjs = require('aes-js');

var fiddler = require("./fiddler");
fiddler.proxyRequests();
//fiddler.unproxyRequests();

var encryptionKey = "";
var automationId = "";
var timeStamp = new Date().toUTCString();
var user = 
{
    "Identity": {
        "Email": "email"
    },
    "IpAddress":"",
    "TimeStamp": timeStamp

};

console.log(JSON.stringify(user));

var iv = crypto.randomBytes(16).slice(0, 16);
console.log(iv);
var ivStr = iv.toString('base64');
var payloadByteArr = Buffer.from(JSON.stringify(user), 'base64');
var encryptionKeyByteArr = Buffer.from(encryptionKey, 'base64');



var hashedPayload = crypto.createHmac('SHA512', encryptionKeyByteArr.toString('binary')).update(payloadByteArr).digest('base64');
console.log(hashedPayload);

var cipher = crypto.createCipheriv('aes-256-cbc', encryptionKeyByteArr, iv);
var encrypted = cipher.update(new Buffer(JSON.stringify(user)));
var encryptedPayload = Buffer.concat([encrypted, cipher.final()]).toString('base64');
console.log(encryptedPayload);

function decrypt(encrypted, key, iv){
    var decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
    var dec = decipher.update(encrypted,'base64','utf8');
    dec += decipher.final('utf-8'); 
    
    var hashedPayloadTest = crypto.createHmac('SHA512', encryptionKeyByteArr.toString('binary')).update(new Buffer(dec, 'base64')).digest('base64');
    console.log(hashedPayloadTest);

    return dec;
}

console.log(decrypt(encryptedPayload, encryptionKeyByteArr, iv).toString('base64'));


request({
    url:     'url',
    method: "POST",
    headers: {
        "content-type": "application/json", "X-Email": "email", 
        "X-Iv": ivStr, "X-Company-Automation-ID": automationId, "X-Hash": hashedPayload
        },
    json: encryptedPayload

}, function(error, response, body){
        
        console.log(JSON.stringify(body));
});

0 个答案:

没有答案
相关问题
最新问题