Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
sha1 hmac hexdigest signature
package main
import (
"crypto/hmac"
"crypto/sha1"
"crypto/subtle"
"encoding/hex"
"fmt"
"os"
)
func generateSignature(secretToken, payloadBody string) string {
mac := hmac.New(sha1.New, []byte(secretToken))
mac.Write([]byte(payloadBody))
expectedMAC := mac.Sum(nil)
return "sha1=" + hex.EncodeToString(expectedMAC)
}
func verifySignature(secretToken, payloadBody string, signatureToCompareWith string) bool {
signature := generateSignature(secretToken, payloadBody)
return subtle.ConstantTimeCompare([]byte(signature), []byte(signatureToCompareWith)) == 1
}
func main() {
testPayloadBody := `{"message":"test content"}`
testSignatureToCompareWith := `sha1=33a08e9b5e9c8d5e944d9288e9b499abb298344d`
fmt.Println("signature match? :", verifySignature(os.Getenv("SECRET_TOKEN"), testPayloadBody, testSignatureToCompareWith))
}
require 'openssl'
require 'rack' # gem install rack
test_payload_body='{"message":"test content"}'
test_signature_to_compare_with='sha1=33a08e9b5e9c8d5e944d9288e9b499abb298344d'
def generate_signature(secret_token, payload_body)
return 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), secret_token, payload_body)
end
def verify_signature(secret_token, payload_body, signature_to_compare_with)
signature = generate_signature(secret_token, payload_body)
return Rack::Utils.secure_compare(signature, signature_to_compare_with)
end
puts "signature match? : #{verify_signature(ENV['SECRET_TOKEN'], test_payload_body, test_signature_to_compare_with)}"
@viktorbenei
Copy link
Author

viktorbenei commented Oct 5, 2018

To compare signatures use constant time compares:

@rayxyz
Copy link

rayxyz commented Jul 19, 2020

YOUR CODE WORKS LIKE A CHARM!

@viktorbenei
Copy link
Author

viktorbenei commented Jul 21, 2020

YOUR CODE WORKS LIKE A CHARM!

Awesome to hear @rayxyz ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment