From: Steve on 10 May 2010 11:54 I have been tasked with creating a feature in an existing VB6 app that will interact with a clients web portal. The problem I am having is that the web interface requires I send the data (this is simply context info...no passwords) packed in a SHA1 hash. My hashing function(s) must create the exact same value as theirs does so that they can read the data. I have found several examples online for using the CryptoAPI to do SHA1 hashing but I can not figure out how to specify the "secret key" Here is the C# code the client uses to create the hash: byte[] sharedSecretBytes; string stringToHash; ASCIIEncoding encoding = new ASCIIEncoding(); this.Token = "56FCEFC9-579C-445E-9FD3-AFFD76C8619E"; sharedSecretBytes = encoding.GetBytes("SomeSecretKey"); stringToHash = this.Plan + this.Claim + this.Csr + this.Token + this.Date; HMACSHA1 hasher = new HMACSHA1(sharedSecretBytes); byte[] bytesToHash = encoding.GetBytes(stringToHash); hasher.ComputeHash(bytesToHash); string computedHash = Convert.ToBase64String(hasher.Hash); hasher.Clear(); if (computedHash != this.Hash.Replace(" ","+")) { exceptions.Exceptions.Add(new InvalidFieldException("Invalid hash.", "Hash")); } Can anyone help me to create a VB6 version of this same thing. Thanks, Steve
From: Steve on 10 May 2010 12:14 On May 10, 11:54 am, Steve <sredm...(a)rfcorp.com> wrote: > I have been tasked with creating a feature in an existing VB6 app that > will interact with a clients web portal. The problem I am having is > that the web interface requires I send the data (this is simply > context info...no passwords) packed in a SHA1 hash. My hashing > function(s) must create the exact same value as theirs does so that > they can read the data. I have found several examples online for > using the CryptoAPI to do SHA1 hashing but I can not figure out how to > specify the "secret key" > > Here is the C# code the client uses to create the hash: > > byte[] sharedSecretBytes; > string stringToHash; > > ASCIIEncoding encoding = new ASCIIEncoding(); > > this.Token = "56FCEFC9-579C-445E-9FD3-AFFD76C8619E"; > sharedSecretBytes = encoding.GetBytes("SomeSecretKey"); > stringToHash = this.Plan + this.Claim + this.Csr + this.Token + > this.Date; > > HMACSHA1 hasher = new HMACSHA1(sharedSecretBytes); > byte[] bytesToHash = encoding.GetBytes(stringToHash); > hasher.ComputeHash(bytesToHash); > string computedHash = Convert.ToBase64String(hasher.Hash); > hasher.Clear(); > > if (computedHash != this.Hash.Replace(" ","+")) > { > exceptions.Exceptions.Add(new InvalidFieldException("Invalid > hash.", "Hash")); > > } > > Can anyone help me to create a VB6 version of this same thing. > > Thanks, > Steve Thought I might provide a bit more information on what I have actually tried. I have tried using the SHA1.bas file (found here http://vb.wikia.com/wiki/SHA-1.bas) but as stated in the previous message, I can not figure out how to use the "secret key". When reading the documentation on the website for the module mentioned, it looks like I could call the SHA1 function. Further it looks like the key would be passed in the args Key1 trhough Key4 and the resulting hash would be returned in H1 through H4. If these assumptions are true, how do I get the secret ket (which is a single string value) into the Key1 through Key4 longs? Then how do I get the result (from H1 through H4) into a single string. Thanks, Steve
From: GS on 10 May 2010 13:29 Steve laid this down on his screen : > On May 10, 11:54�am, Steve <sredm...(a)rfcorp.com> wrote: >> I have been tasked with creating a feature in an existing VB6 app that >> will interact with a clients web portal. �The problem I am having is >> that the web interface requires I send the data (this is simply >> context info...no passwords) packed in a SHA1 hash. �My hashing >> function(s) must create the exact same value as theirs does so that >> they can read the data. �I have found several examples online for >> using the CryptoAPI to do SHA1 hashing but I can not figure out how to >> specify the "secret key" >> >> Here is the C# code the client uses to create the hash: >> >> byte[] sharedSecretBytes; >> string stringToHash; >> >> ASCIIEncoding encoding = new ASCIIEncoding(); >> >> this.Token = "56FCEFC9-579C-445E-9FD3-AFFD76C8619E"; >> sharedSecretBytes = encoding.GetBytes("SomeSecretKey"); >> stringToHash = this.Plan + this.Claim + this.Csr + this.Token + >> this.Date; >> >> HMACSHA1 hasher = new HMACSHA1(sharedSecretBytes); >> byte[] bytesToHash = encoding.GetBytes(stringToHash); >> hasher.ComputeHash(bytesToHash); >> string computedHash = Convert.ToBase64String(hasher.Hash); >> hasher.Clear(); >> >> if (computedHash != this.Hash.Replace(" ","+")) >> { >> � � exceptions.Exceptions.Add(new InvalidFieldException("Invalid >> hash.", "Hash")); >> >> } >> >> Can anyone help me to create a VB6 version of this same thing. >> >> Thanks, >> Steve > Thought I might provide a bit more information on what I have actually > tried. > > I have tried using the SHA1.bas file (found here > http://vb.wikia.com/wiki/SHA-1.bas) but as stated in the previous message, I > can not figure out how to use the "secret key". When reading the > documentation on the website for the module mentioned, it looks like I could > call the SHA1 function. Further it looks like the key would be passed in the > args Key1 trhough Key4 and the resulting hash would be returned in H1 through > H4. If these assumptions are true, how do I get the secret ket (which is a > single string value) into the Key1 through Key4 longs? Then how do I > get the result (from H1 through H4) into a single string. > > Thanks, > Steve Typically, a hash is a one-way deal. You also need a corresponding algorythm designed to unhash, which isn't how hashes work<IMO>. The article you refer to creates a hash based on the values you specify for Hi to H5 and Key1 to Key4. These are just placeholders for values, and can be whatever you want them to be. This is typically how passwords are used, where a user types in their username and password and these are used to create the hash. The hash is then compared to the stored hash for that user. If they match, they're in! The actual code returns a 5 part serial key containing 40 characters. To validate this serial it must be rehashed at the other end using the same input data, meaning both parties have to use the same hash algorythm AND have exactly the same data so that a comparison can be made. -OR- the receiving party must have an exact copy of the "expected" hash stored somewhere in order to do the comparison without having the original data. If you're looking for a way to share (encrypt/decrypt) data using a private key or private/public key pair then you want to use a different function set in the CryptoAPI.dll. The DLL can generate key pairs for you if going that route. In this case, the other people you pass files to/from needs the your public key, or you need theirs. In this case, if you are required to use their key then you're going to have to ask them for it. Try googling "CryptoAPI VB6" to get info on how to use it. Frankly, I don't think you'll get much useful info from MSDN or any MSFT sites, but there's other sources out there that will show up in the search. Another keyword to try is "Cryptography Algorythms" Garry
From: Steve on 10 May 2010 14:04 On May 10, 1:29 pm, GS <G...(a)discussions.microsoft.com> wrote: > Steve laid this down on his screen : > > > > > > > On May 10, 11:54 am, Steve <sredm...(a)rfcorp.com> wrote: > >> I have been tasked with creating a feature in an existing VB6 app that > >> will interact with a clients web portal. The problem I am having is > >> that the web interface requires I send the data (this is simply > >> context info...no passwords) packed in a SHA1 hash. My hashing > >> function(s) must create the exact same value as theirs does so that > >> they can read the data. I have found several examples online for > >> using the CryptoAPI to do SHA1 hashing but I can not figure out how to > >> specify the "secret key" > > >> Here is the C# code the client uses to create the hash: > > >> byte[] sharedSecretBytes; > >> string stringToHash; > > >> ASCIIEncoding encoding = new ASCIIEncoding(); > > >> this.Token = "56FCEFC9-579C-445E-9FD3-AFFD76C8619E"; > >> sharedSecretBytes = encoding.GetBytes("SomeSecretKey"); > >> stringToHash = this.Plan + this.Claim + this.Csr + this.Token + > >> this.Date; > > >> HMACSHA1 hasher = new HMACSHA1(sharedSecretBytes); > >> byte[] bytesToHash = encoding.GetBytes(stringToHash); > >> hasher.ComputeHash(bytesToHash); > >> string computedHash = Convert.ToBase64String(hasher.Hash); > >> hasher.Clear(); > > >> if (computedHash != this.Hash.Replace(" ","+")) > >> { > >> exceptions.Exceptions.Add(new InvalidFieldException("Invalid > >> hash.", "Hash")); > > >> } > > >> Can anyone help me to create a VB6 version of this same thing. > > >> Thanks, > >> Steve > > Thought I might provide a bit more information on what I have actually > > tried. > > > I have tried using the SHA1.bas file (found here > >http://vb.wikia.com/wiki/SHA-1.bas) but as stated in the previous message, I > > can not figure out how to use the "secret key". When reading the > > documentation on the website for the module mentioned, it looks like I could > > call the SHA1 function. Further it looks like the key would be passed in the > > args Key1 trhough Key4 and the resulting hash would be returned in H1 through > > H4. If these assumptions are true, how do I get the secret ket (which is a > > single string value) into the Key1 through Key4 longs? Then how do I > > get the result (from H1 through H4) into a single string. > > > Thanks, > > Steve > > Typically, a hash is a one-way deal. You also need a corresponding > algorythm designed to unhash, which isn't how hashes work<IMO>. The > article you refer to creates a hash based on the values you specify for > Hi to H5 and Key1 to Key4. These are just placeholders for values, and > can be whatever you want them to be. This is typically how passwords > are used, where a user types in their username and password and these > are used to create the hash. The hash is then compared to the stored > hash for that user. If they match, they're in! > > The actual code returns a 5 part serial key containing 40 characters. > To validate this serial it must be rehashed at the other end using the > same input data, meaning both parties have to use the same hash > algorythm AND have exactly the same data so that a comparison can be > made. -OR- the receiving party must have an exact copy of the > "expected" hash stored somewhere in order to do the comparison without > having the original data. > > If you're looking for a way to share (encrypt/decrypt) data using a > private key or private/public key pair then you want to use a different > function set in the CryptoAPI.dll. The DLL can generate key pairs for > you if going that route. In this case, the other people you pass files > to/from needs the your public key, or you need theirs. In this case, if > you are required to use their key then you're going to have to ask them > for it. > > Try googling "CryptoAPI VB6" to get info on how to use it. Frankly, I > don't think you'll get much useful info from MSDN or any MSFT sites, > but there's other sources out there that will show up in the search. > Another keyword to try is "Cryptography Algorythms" > > Garry- Hide quoted text - > > - Show quoted text - I guess I am not making myself clear...let me try again. I am not trying to encrypt anything I am trying to hash some data using the same algorythms as will be used on the other side. The data and the hash is passed as plain text to the website. The site then runs it's hash calculation on the provided data and if the hash value it comes up with matches the one I passed then it assumes the request is from a valid user. The problem I am having is with adding the "secrect key" portion. In the C# code (used by the website) the "secret key" is integrated into the hash by the line: HMACSHA1 hasher = new HMACSHA1(sharedSecretBytes); Where "sharedSecretBytes" is a string variable defined earlier. In order for my hash calculation to produce the same results I need to include that same key in the same way that C# class initializer does. So again my question is, how do I represent the "secret key" + the data elements into the K1 - K4 parameters...then how do I get a string representation (which is what the website is looking for) of the resulting hash (H1 - H5)? Thanks, Steve
From: Larry Serflaten on 10 May 2010 16:25 "Steve" <sredmyer(a)rfcorp.com> wrote So again my question is, how do I represent the "secret key" + the data elements into the K1 - K4 parameters...then how do I get a string representation (which is what the website is looking for) of the resulting hash (H1 - H5)? --- At first glance you seem to need to change some string into longs, and some longs into a string. Take a look at LSet. Its used in the SHA1 routine to change four bytes into one long. Some might prefer CopyMemory, but as you can see, LSet does the job. Instead of FourBytes and OneLong, you'd need types like FourLongs and OneString (although Byte Array would probably be a better option). For example: Option Explicit Private Type FourLongs L1 As Long L2 As Long L3 As Long L4 As Long End Type Private Type OneString S(0 To 15) As Byte End Type Private Sub Form_Load() Dim msg As String, tmp() As Byte Dim i&, OS As OneString, FL As FourLongs msg = "Is 16 correct???" tmp = StrConv(msg, vbFromUnicode) For i = 0 To 15 OS.S(i) = tmp(i) Next LSet FL = OS With FL Debug.Print Hex(.L1), Hex(.L2), Hex(.L3), Hex(.L4) Debug.Print "1 sI", "oc 6", "cerr", "???t" End With End Sub
|
Next
|
Last
Pages: 1 2 3 4 5 Prev: Drawing blended drop shadows quickly Next: SetFocus to MDI Control |