HMAC with openssl dgst -sha512 and Lasso 8.6 / CentOS
Locked
 
|
Hi list,
The use of the tag Encrypt_HMAC to hash a string is limited in Lasso by the digest algorithms returned by [Cipher_List: -Digest] . So, (MD2), (MD4), (MD5), (SHA), (SHA1), (DSA-SHA), (DSA), (RIPEMD160) are available for hashing. And what if SHA512 is required ? As it is the case with recent online payment systems, as Lasso stayed somewhere on the road... Subject has been discussed in the list, and a search as "hash_hmac tag in php" or "SHA512 encryption" shows interesting threads. A nice way to solve the issue is the use of an OS_process call to ask the machine to send back the hashed key. local : 'HMAC_KEY' = '0123456789ABCDEF ... 0123456789ABCDEF'; local : 'params' = 'DATA TO HASH ... DATA TO HASH'; local: 'myProcess' = (OS_Process: '/bin/echo -n "'#params'" | openssl dgst -sha512 -hmac '#HMAC_KEY); local : 'result' = #myProcess->Read; local : 'erreur' = #myProcess->ReadError; #myProcess->Close; As suggested in that thread lasso.2283332.n4.nabble.com/SHA512-encryption-methods-td4639407.html <http://lasso.2283332.n4.nabble.com/SHA512-encryption-methods-td4639407.html> written in Lasso 9 shell('echo -n ' + 'STRING TO HASH' + ' | openssl dgst -sha512'); Sent directly in a shell window on the server, the command behave as expected and returns the hash. But in the method with OS_Process tag it throws errors as : "2: No such file or directory" or "36: File name too long" I've tried many ways to get it work without success. Any hint ? Regards JP - E SYSTEMES France ############################################################# This message is sent to you because you are subscribed to the mailing list Lasso [hidden email] Official list archives available at http://www.lassotalk.com To unsubscribe, E-mail to: <[hidden email]> Send administrative queries to <[hidden email]> |
Re: HMAC with openssl dgst -sha512 and Lasso 8.6 / CentOS
|
|
I am not into Lasso 8 and thus my reply is probably of limited value. But in Lasso 9 I have this working fine.
In my jwt type found here: https://gist.github.com/jolle-c/bf3ab3ee41bc1abebb0ce3d7b4c69ccd the code uses shell when the call is done for a cypher that Lasso doesn’t provide. if(cipher_list(-digest) >> #method_used -> last) => { return encrypt_hmac( -token = #msg, -password = #key, -digest = #method_used -> last, -base64 ) else // using sys_process via shell, calling openssl local(syntax = 'echo -n ' + #msg + ' | openssl dgst -binary ' + #method_used -> first + ' -hmac "' + #key + '" | openssl base64 -a') return string(shell(#syntax)) } N.B. This implementation of shell uses sys_process and not os_process. My implementation can be found here: https://gist.github.com/jolle-c/7e3a6a0d30a032573bb67eae423ff865 HDB Jolle > 26 sep. 2018 kl. 08:32 skrev bienvenue <[hidden email]>: > > Hi list, > > The use of the tag Encrypt_HMAC to hash a string is limited in Lasso by the digest algorithms returned by [Cipher_List: -Digest] . > So, (MD2), (MD4), (MD5), (SHA), (SHA1), (DSA-SHA), (DSA), (RIPEMD160) are available for hashing. > > And what if SHA512 is required ? As it is the case with recent online payment systems, as Lasso stayed somewhere on the road... > Subject has been discussed in the list, and a search as "hash_hmac tag in php" or "SHA512 encryption" shows interesting threads. > > A nice way to solve the issue is the use of an OS_process call to ask the machine to send back the hashed key. > > local : 'HMAC_KEY' = '0123456789ABCDEF ... 0123456789ABCDEF'; > local : 'params' = 'DATA TO HASH ... DATA TO HASH'; > > local: 'myProcess' = (OS_Process: '/bin/echo -n "'#params'" | openssl dgst -sha512 -hmac '#HMAC_KEY); > > local : 'result' = #myProcess->Read; > local : 'erreur' = #myProcess->ReadError; > #myProcess->Close; > > As suggested in that thread lasso.2283332.n4.nabble.com/SHA512-encryption-methods-td4639407.html <http://lasso.2283332.n4.nabble.com/SHA512-encryption-methods-td4639407.html> written in Lasso 9 > > shell('echo -n ' + 'STRING TO HASH' + ' | openssl dgst -sha512'); > > Sent directly in a shell window on the server, the command behave as expected and returns the hash. > But in the method with OS_Process tag it throws errors as : "2: No such file or directory" or "36: File name too long" > > I've tried many ways to get it work without success. Any hint ? > > Regards > JP - E SYSTEMES France > > ############################################################# > > This message is sent to you because you are subscribed to > the mailing list Lasso [hidden email] > Official list archives available at http://www.lassotalk.com > To unsubscribe, E-mail to: <[hidden email]> > Send administrative queries to <[hidden email]> ############################################################# This message is sent to you because you are subscribed to the mailing list Lasso [hidden email] Official list archives available at http://www.lassotalk.com To unsubscribe, E-mail to: <[hidden email]> Send administrative queries to <[hidden email]> |
Re: HMAC with openssl dgst -sha512 and Lasso 8.6 / CentOS
|
In reply to this post by bienvenue
On 9/26/18 at 8:32 AM, [hidden email] (bienvenue) pronounced:
>local: 'myProcess' = (OS_Process: '/bin/echo -n "'#params'" | >openssl dgst -sha512 -hmac '#HMAC_KEY); ... snip ... >shell('echo -n ' + 'STRING TO HASH' + ' | openssl dgst -sha512'); > >Sent directly in a shell window on the server, the command >behave as expected and returns the hash. >But in the method with OS_Process tag it throws errors as : "2: >No such file or directory" or "36: File name too long" Don't use os_process if you use shell already. The syntax for os_process is cumbersome, requiring an array of arguments be passed into the command, not a string as in your example. http://www.lassosoft.com/lassoDocs/languageReference/obj/OS_Process Var: 'myProcess' = (OS_Process: '/bin/ls', (Array: '.')); Encode_HTML: $myProcess->Read; $myProcess->Close; --steve -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Steve Piercy Website Builder Eugene, OR <[hidden email]> <http://www.stevepiercy.com/> ############################################################# This message is sent to you because you are subscribed to the mailing list Lasso [hidden email] Official list archives available at http://www.lassotalk.com To unsubscribe, E-mail to: <[hidden email]> Send administrative queries to <[hidden email]> |
|
|
In reply to this post by Jolle Carlestam-2
Hi Jolle,
Limited, but worth the value ! Thanks for your post. So, while following your link I found in the comments that your way is an adaptation of Jason Huck's [Shell] tag for Lasso 8.5 Which rests in "TagSwap" since 2008 ! TagSwap interface is so fussy I had not spot the tag... And that saved my day ! Although the advice for reading the language reference from Steve is a good one !-) I did tried to extract parameter to make an array of parameter with my cmd line... With your 2 answers I better understand the whole thing. And finally solve my issue. Regards JP - E SYSTEMES France --- > Le 26 sept. 2018 à 09:25, Jolle Carlestam <[hidden email]> a écrit : > > I am not into Lasso 8 and thus my reply is probably of limited value. But in Lasso 9 I have this working fine. > In my jwt type found here: > https://gist.github.com/jolle-c/bf3ab3ee41bc1abebb0ce3d7b4c69ccd > the code uses shell when the call is done for a cypher that Lasso doesn’t provide. > > > if(cipher_list(-digest) >> #method_used -> last) => { > return encrypt_hmac( > -token = #msg, > -password = #key, > -digest = #method_used -> last, > -base64 > ) > else > // using sys_process via shell, calling openssl > local(syntax = 'echo -n ' + #msg + ' | openssl dgst -binary ' + > #method_used -> first + ' -hmac "' + #key + '" | openssl base64 -a') > return string(shell(#syntax)) > } > > N.B. This implementation of shell uses sys_process and not os_process. My implementation can be found here: > https://gist.github.com/jolle-c/7e3a6a0d30a032573bb67eae423ff865 > > HDB > Jolle > >> 26 sep. 2018 kl. 08:32 skrev bienvenue <[hidden email]>: >> >> Hi list, >> >> The use of the tag Encrypt_HMAC to hash a string is limited in Lasso by the digest algorithms returned by [Cipher_List: -Digest] . >> So, (MD2), (MD4), (MD5), (SHA), (SHA1), (DSA-SHA), (DSA), (RIPEMD160) are available for hashing. >> >> And what if SHA512 is required ? As it is the case with recent online payment systems, as Lasso stayed somewhere on the road... >> Subject has been discussed in the list, and a search as "hash_hmac tag in php" or "SHA512 encryption" shows interesting threads. >> >> A nice way to solve the issue is the use of an OS_process call to ask the machine to send back the hashed key. >> >> local : 'HMAC_KEY' = '0123456789ABCDEF ... 0123456789ABCDEF'; >> local : 'params' = 'DATA TO HASH ... DATA TO HASH'; >> >> local: 'myProcess' = (OS_Process: '/bin/echo -n "'#params'" | openssl dgst -sha512 -hmac '#HMAC_KEY); >> >> local : 'result' = #myProcess->Read; >> local : 'erreur' = #myProcess->ReadError; >> #myProcess->Close; >> >> As suggested in that thread lasso.2283332.n4.nabble.com/SHA512-encryption-methods-td4639407.html <http://lasso.2283332.n4.nabble.com/SHA512-encryption-methods-td4639407.html> written in Lasso 9 >> >> shell('echo -n ' + 'STRING TO HASH' + ' | openssl dgst -sha512'); >> >> Sent directly in a shell window on the server, the command behave as expected and returns the hash. >> But in the method with OS_Process tag it throws errors as : "2: No such file or directory" or "36: File name too long" >> >> I've tried many ways to get it work without success. Any hint ? >> >> Regards >> JP - E SYSTEMES France ############################################################# This message is sent to you because you are subscribed to the mailing list Lasso [hidden email] Official list archives available at http://www.lassotalk.com To unsubscribe, E-mail to: <[hidden email]> Send administrative queries to <[hidden email]> |
«
Return to Lasso - Talk
|
1 view|%1 views
| Free forum by Nabble | Edit this page |