HMAC with openssl dgst -sha512 and Lasso 8.6 / CentOS

HMAC with openssl dgst -sha512 and Lasso 8.6 / CentOS

bienvenue
Hi list,

The use of the tag Encrypt_HMAC to hash a string is limited in Lasso by the digest algorithms returned by [Cipher_List: -Digest] .
So, (MD2), (MD4), (MD5), (SHA), (SHA1), (DSA-SHA), (DSA), (RIPEMD160) are available for hashing.

And what if SHA512 is required ? As it is the case with recent online payment systems, as Lasso stayed somewhere on the road...
Subject has been discussed in the list, and a search as "hash_hmac tag in php" or "SHA512 encryption" shows interesting threads.

A nice way to solve the issue is the use of an OS_process call to ask the machine to send back the hashed key.

        local : 'HMAC_KEY' =  '0123456789ABCDEF ... 0123456789ABCDEF';
        local : 'params' = 'DATA TO HASH ... DATA TO HASH';

        local: 'myProcess' = (OS_Process: '/bin/echo -n "'#params'" | openssl dgst -sha512 -hmac '#HMAC_KEY);

        local : 'result' = #myProcess->Read;
        local : 'erreur' = #myProcess->ReadError;
        #myProcess->Close;
       
As suggested in that thread http://lasso.2283332.n4.nabble.com/SHA512-encryption-methods-td4639407.html written in Lasso 9

        shell('echo -n ' + 'STRING TO HASH' + ' | openssl dgst -sha512');
 
Sent directly in a shell window on the server, the command behaves as expected and returns the hash.
But in the method with the OS_Process tag it throws errors such as: "2: No such file or directory" or "36: File name too long"

I've tried many ways to get it to work without success. Any hint?

Regards
JP - E SYSTEMES France

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Re: HMAC with openssl dgst -sha512 and Lasso 8.6 / CentOS

Jolle Carlestam-2
I am not into Lasso 8 and thus my reply is probably of limited value. But in Lasso 9 I have this working fine.
In my jwt type found here:
https://gist.github.com/jolle-c/bf3ab3ee41bc1abebb0ce3d7b4c69ccd
the code uses shell when the call is done for a cypher that Lasso doesn’t provide.


                if(cipher_list(-digest) >> #method_used -> last) => {
                        return encrypt_hmac(
                                -token = #msg,
                                -password = #key,
                                -digest = #method_used -> last,
                                -base64
                        )
                else
                        // using sys_process via shell, calling openssl
                        local(syntax = 'echo -n ' + #msg + ' | openssl dgst -binary ' +
                        #method_used -> first + ' -hmac "' + #key + '" | openssl base64 -a')
                        return string(shell(#syntax))
                }

N.B. This implementation of shell uses sys_process and not os_process. My implementation can be found here:
https://gist.github.com/jolle-c/7e3a6a0d30a032573bb67eae423ff865

HDB
Jolle



Re: HMAC with openssl dgst -sha512 and Lasso 8.6 / CentOS

stevepiercy
In reply to this post by bienvenue
On 9/26/18 at 8:32 AM, [hidden email] (bienvenue) pronounced:

>local: 'myProcess' = (OS_Process: '/bin/echo -n "'#params'" |
>openssl dgst -sha512 -hmac '#HMAC_KEY);

... snip ...

>shell('echo -n ' + 'STRING TO HASH' + ' | openssl dgst -sha512');
>
>Sent directly in a shell window on the server, the command
>behave as expected and returns the hash.
>But in the method with OS_Process tag it throws errors as : "2:
>No such file or directory" or "36: File name too long"

Don't use os_process if you use shell already.  The syntax for
os_process is cumbersome, requiring an array of arguments be
passed into the command, not a string as in your example.

http://www.lassosoft.com/lassoDocs/languageReference/obj/OS_Process

     Var: 'myProcess' = (OS_Process: '/bin/ls', (Array: '.'));
     Encode_HTML: $myProcess->Read;
     $myProcess->Close;

--steve

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Eugene, OR
<[hidden email]>               <http://www.stevepiercy.com/>
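
Added example, not part of any message in this thread: the error numbers in the original post equal the Linux errno values ENOENT (2) and ENAMETOOLONG (36), which is what exec reports when a whole pipeline string is handed over as the program path with no argument array. The Python sketch below reproduces both, then runs openssl with an argument list and the message on stdin, so no shell parses the data or key as it would in the concatenated `echo -n ... | openssl` strings earlier in the thread. The helper names and the RFC 4231 sample key and message are assumptions, as is the inference that OS_Process passed its first parameter to exec unchanged.

```python
import hashlib
import hmac
import shutil
import subprocess

# Constructed sample values (RFC 4231 test case 2), not from the thread.
KEY = "Jefe"
DATA = "what do ya want for nothing?"


def pipeline_string(data, key):
    # Same shape as the command string in the original post.
    return '/bin/echo -n "%s" | openssl dgst -sha512 -hmac %s' % (data, key)


def run_string_as_program(command_line):
    """Pass the whole string as the program path with no argument array
    (assumed to be what the failing call did). Returns the errno."""
    try:
        subprocess.run([command_line], capture_output=True)
    except OSError as exc:
        return exc.errno  # Linux: 2 = ENOENT, 36 = ENAMETOOLONG
    return 0


def hmac_sha512_openssl(data, key):
    """Program and arguments as a list, message on stdin: no shell ever
    parses data or key. Returns None if openssl is not installed."""
    exe = shutil.which("openssl")
    if exe is None:
        return None
    out = subprocess.run([exe, "dgst", "-sha512", "-hmac", key],
                         input=data.encode(), capture_output=True, check=True)
    # Output is "<label>(stdin)= <hex>"; the label varies by version.
    return out.stdout.decode().split()[-1]


def hmac_sha512_reference(data, key):
    # Independent check using Python's own HMAC implementation.
    return hmac.new(key.encode(), data.encode(), hashlib.sha512).hexdigest()


if __name__ == "__main__":
    print(run_string_as_program(pipeline_string(DATA, KEY)))
    print(run_string_as_program(pipeline_string("A" * 5000, KEY)))
    print(hmac_sha512_openssl(DATA, KEY))
    print(hmac_sha512_reference(DATA, KEY))
```

The `-hmac` option still places the key in openssl's argument list, where other local users can read it from the process table while the command runs.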


Re: HMAC with openssl dgst -sha512 and Lasso 8.6 / CentOS

bienvenue
In reply to this post by Jolle Carlestam-2
Hi Jolle,

Limited, but worth the value ! Thanks for your post.

So, while following your link I found in the comments that your way is an adaptation of Jason Huck's [Shell] tag for Lasso 8.5
Which has rested in "TagSwap" since 2008! The TagSwap interface is so fussy I had not spotted the tag...

And that saved my day !

Although the advice for reading the language reference from Steve is a good one !-)
I did try to extract parameters to make an array of parameters with my cmd line...
With your 2 answers I better understand the whole thing.

And finally solved my issue.

Regards
JP - E SYSTEMES France
