generate HMAC-SHA1 in C#

Question

I am trying to make use of a REST API using C#.

The API creator has provided below pseudo code for hmac creation.

var key1 = sha1(body);
var key2 = key1         


        

Answer 1

The issue to make it work in c# is that you need to take the hex format into consideration and then in some cases for it to work the final result should be lower case (example if you're using this for a quickblox api or something)

    private string GetHashedMessage(String _secret)
    {
        System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
        byte[] keyByte = encoding.GetBytes(_secret);
        String _message= "Your message that needs to be hashed";
        HMACSHA1 hmacsha1 = new HMACSHA1(keyByte);

        byte[] messageBytes = encoding.GetBytes(_message);
        byte[] hashmessage = hmacsha1.ComputeHash(messageBytes);
        return ByteToString(hashmessage).ToLower();
    }

    public string ByteToString(byte[] buff)
    {
        string sbinary = "";

        for (int i = 0; i < buff.Length; i++)
        {
            sbinary += buff[i].ToString("X2"); // hex format
        }
        return (sbinary);
    }

reference: http://billatnapier.com/security01.aspx

Answer 2

Direct mapping of above code to C# would be something like:

static string ComputeSignature(byte[] body, byte[] secret) {
    using (var sha1 = SHA1.Create())
    {
        var key1 = sha1.ComputeHash(body);
        var key2 = key1.Concat(secret).ToArray();
        var key3 = sha1.ComputeHash(key2);
        return Convert.ToBase64String(key3);
    }
}

If you have request body as a string, convert it to byte array using proper encoding, for example:

var body = Encoding.UTF8.GetBytes(bodyAsString);

If you have your secret as string - that depends on how api developer expects it to be converted to byte array. Most likely it's already HEX or base64-encoded string.