This message was discovered on microsoft.public.dotnet.framework.aspnet.security.
Responses highlighted in red are from those people who are likely to be able to contribute good, authoritative information to this discussion. They include Microsoft employees, MVPs and others who IMHO contribute well to these kinds of discussions.
| Peter Afonin |
Hello,
I'm struggling with the string conversion to MD5 which I've never used before.
I have a string that I need to encode which looks approximately like this:
"pva:0.05:101214:pa7735tH:inv_desc=205308:shp_Email=petera_gudzon.net:lang =ru:shp_PaymentNo=20040825205308:shp_UserID=pva:shp_Price=2.95:shp_HostPlan= BU:shp_Term=2"
I'm doing it this way:
Dim hashedBytes As Byte()
Dim md5 As New MD5CryptoServiceProvider
Dim encoder As New ASCIIEncoding
hashedBytes = md5.ComputeHash(encoder.GetBytes(sCRC))
Dim sNewCRC As String = Convert.ToString(md5.ComputeHash(hashedBytes))
It doesn't work. When I see the output on the page where I pass this string, it looks like this:
'<input type=hidden name=crc value="System.Byte[]">'+
I don't know exactly what it should look like, but probably not like "System.Byte[]".
I'm doing something wrong, but I don't know what.
I would really appreciate your help.
Thank you,
Peter Afonin
| Joe Kaplan (MVP - ADSI) (VIP) |
Why don't you try Convert.ToBase64String instead? Typically, you encode binary data as a string with either Base64 or hex string encoding.
Also, be careful about using ASCII encoding to convert the input string to binary. If it includes any non-ASCII characters, you'll be throwing data away. UTF8 is safer. Whatever you do, make sure you always compute the hash the same way if you are going to be using it for a comparison.
HTH,
Joe K.
| Peter Afonin |
Thank you, Joe.
I've tried to change it like this:
Dim hashedBytes As Byte()
Dim md5 As New MD5CryptoServiceProvider
Dim encoder As New UTF8Encoding
hashedBytes = md5.ComputeHash(encoder.GetBytes(sCRC))
sCRC = Convert.ToBase64String(md5.ComputeHash(hashedBytes))
Me.crc.Value = sCRC
Yes, the output string has changed:
'<input type=hidden name=crc value="35r0XmeFIOXs5evTQM0q+w==">'+
But I'm still getting a "bad crc" error.
Peter
| Joe Kaplan (MVP - ADSI) (VIP) |
What is giving you a "bad CRC" error? Is it the code below? That looks like it should just return a base64 encoded MD5 hash of whatever string was provided.
It isn't clear to me what you are trying to do or what the input is in the function.
Joe K.
| Peter Afonin |
Joe, I'm connecting an online store to the payment system. I need to pass this string to this payment gateway, and it will return me another string back, confirming that the payment was successful.
I contacted the techsupport of this gateway. They said that I don't have to convert my string to Base64. I need to convert every byte to 16-bit number or something like this. They don't use ASP.Net, so couldn't give me an exact code. They said that it should look approximately like this:
StringBuilder sb = new StringBuilder();
for (int i=0;i<hash.Length;i++) sb.Append(hash[i].ToString("x").PadLeft(2,'0'));
return sb.ToString();
How should it look in VB.Net?
Thank you,
Peter
| Joe Kaplan (MVP - ADSI) (VIP) |
Ah, this is the hex encoding thing I mentioned in my first post and didn't provide an example for. You can either use the BitConverter class to convert the byte[] to hex digits and then strip out the - characters it puts in between, or use something like my function called ConvertToOctetString, which you can do a Google groups search for, that does this. It basically just uses a StringBuilder and the X2 format code to loop over the bytes and build the string.
Also, MAKE SURE that the vendor is calculating the MD5 of the data using the same encoding that you are (UTF8, ASCII, UTF16, etc.) or else your input byte array may be different and thus your hash will be different.
HTH,
Joe K.
| Peter Afonin |
Hello Joe,
I found a code that should do exactly the same as in the example in my previous message, but still doing something wrong, because the payment gateway gives me a message that the string is bad. There is a chance that the code itself is OK, but the data I put in is bad. But do you see anything wrong with this code? I would appreciate your comments very much. Peter.
Dim enc As Encoder = System.Text.Encoding.Unicode.GetEncoder()
Dim unicodeText() As Byte
unicodeText = System.Text.UnicodeEncoding.Unicode.GetBytes(sCRC)
enc.GetBytes(sCRC.ToCharArray(), 0, sCRC.Length, unicodeText, 0, True)
Dim oMD5 As New System.Security.Cryptography.MD5CryptoServiceProvider
Dim result() As Byte = oMD5.ComputeHash(unicodeText)
Dim sb As New StringBuilder
Dim i As Integer = 0
For i = 0 To CType(result.Length - 1, Integer)
    sb.Append(result(i).ToString("X").PadLeft(2, "0"))
Next
sCRC = sb.ToString
| Joe Kaplan (MVP - ADSI) (VIP) |
There are two main things to keep in mind here:
The value of sCRC is what is being used to create the hash. The hash is being computed based on a Unicode encoding of the same hash.
Thus, for someone else to recreate the MD5 hash of the data from the same source data, they need to use the exact same sCRC as input and must use Unicode encoding. UTF8 or any other encoding will produce a different byte array and thus a different hash.
If the input string and the encoding are the same, the MD5 should be the same. The only thing that might vary is if they are assuming the bytes are in the opposite order and you need to reverse the string.
The code you keep showing below is hard to follow because it is using a variable called sCRC as the input and then also setting that to the output. We can't tell where the data came from or where it is going.
Can you post a function that calculates the MD5 of an input string using the proper encoding and returns it as a hex string?
Joe K.
| Peter Afonin |
Thank you, Joe.
This makes sense. However, I don't know what function is used by the payment gateway provider. I will contact them with all this information.
Peter
| Joe Kaplan (MVP - ADSI) (VIP) |
My idea was that you would have a function that calculates the MD5 so that we could see more clearly exactly how you are calculating it. After that, you can verify with the vendor that they are using the same algorithm. The function would look like:
Public Function GetMD5(ByVal inputData As String) As String
    ....
End Function
Then, we could see what results you are getting by passing in your input data.
Joe K.
| Peter Afonin |
Thank you, Joe.
I'll put here the whole function, I don't know if it would make sense to you. I'm actually doing it on the Page_Load event:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    Try
        Dim sUser As String
        Dim dblSum As Double
        Dim sPlan As String
        Dim sTerm As String
        Dim dblPrice As Double
        Dim sCRC As String
        If Not IsPostBack Then
            sUser = Request.QueryString("user")
            dblSum = Request.QueryString("sum")
            dblPrice = Request.QueryString("price")
            sPlan = Request.QueryString("plan")
            sTerm = Request.QueryString("term")
            Dim sEmail = Request.QueryString("email")
            Dim unicodeString As String
            If Request.QueryString("up") = 1 Then
                Me.shp_Up.Value = "1"
                unicodeString = "Upgrade to" & sPlan
            Else
                unicodeString = "Extension to " & sPlan & " for " & sTerm & " months"
                Me.shp_Up.Value = "0"
            End If
            If Not IsDBNull(sUser) Then
                If Me.shp_Up.Value = "0" Then
                    inv_desc.Value = "Hosting " & sPlan & " extension for " & sTerm & " months"
                Else
                    inv_desc.Value = "Hosting upgrade to plan " & sPlan
                End If
                Me.shp_UserID.Value = sUser.ToString
                Me.Description.Value = unicodeString
                Me.shp_Price.Value = dblPrice.ToString
            End If
            If Not IsDBNull(dblSum) Then
                out_summ.Value = dblSum.ToString("c")
            End If
            Me.shp_HostPlan.Value = sPlan
            inv_id.Value = CLng(Format(Now, "HHmmss"))
            Me.shp_PaymentNo.Value = CLng(Format(Now, "yyyyMMddHHmmss"))
            If Not IsDBNull(sTerm) Then
                Me.shp_Term.Value = sTerm
            End If
            If Not IsDBNull("email") Then
                Me.shp_Email.Value = sEmail
            End If
            sCRC = "pva:" & dblSum.ToString & ":" & CLng(Format(Now, "HHmmss")) _
                & ":pa0567Ztro:inv_desc=" & inv_desc.Value & ":shp_Email=" _
                & sEmail & ":lang=ru" & ":shp_PaymentNo=" _
                & CLng(Format(Now, "yyyyMMddHHmmss")).ToString & ":shp_UserID=" & sUser _
                & ":shp_Price=" & dblPrice.ToString _
                & ":shp_HostPlan=" & sPlan & ":shp_Term=" _
                & sTerm
            Dim enc As Encoder = System.Text.Encoding.Unicode.GetEncoder()
            Dim unicodeText() As Byte
            unicodeText = System.Text.UnicodeEncoding.Unicode.GetBytes(sCRC)
            enc.GetBytes(sCRC.ToCharArray(), 0, sCRC.Length, unicodeText, _
                0, True)
            Dim oMD5 As New System.Security.Cryptography.MD5CryptoServiceProvider
            Dim result() As Byte = oMD5.ComputeHash(unicodeText)
            Dim sb As New StringBuilder
            Dim i As Integer = 0
            For i = 0 To CType(result.Length - 1, Integer)
                sb.Append(result(i).ToString("X").PadLeft(2, "0"))
            Next
            sCRC = sb.ToString
            sCRC = Convert.ToBase64String(MD5.ComputeHash(hashedBytes))
            Me.crc.Value = sCRC
        End If
    Catch ex As Exception
        lblError.Text = ex.Message
    Finally
    End Try
End Sub
The hidden textbox crc gets the value of sCRC, that is passed to the Payment Gateway when the form is submitted.
Thanks,
Peter
| Joe Kaplan (MVP - ADSI) (VIP) |
Ok, I was thinking of a function kind of like this:
Private Function ComputeMD5Hash(ByVal input As String, ByVal targetEncoding As Encoding) As String
    Dim textData() As Byte
    Dim hexString As String
    textData = targetEncoding.GetBytes(input)

    Dim hashProvider As New System.Security.Cryptography.MD5CryptoServiceProvider
    Dim md5Hash() As Byte = hashProvider.ComputeHash(textData)

    Dim sb As New StringBuilder
    Dim i As Integer = 0
    For i = 0 To md5Hash.Length - 1
        sb.Append(md5Hash(i).ToString("X2"))
    Next
    hexString = sb.ToString

    Return hexString
End Function
You would call it in your code with:
hashText = ComputeMD5Hash(sCRC, Encoding.Unicode)
That would then leave three possibilities as to why you aren't getting the same results as the vendor:
- The string you are passing in to sCRC is different from what they are passing in
- You are using a different encoding to get the byte array than they are
- The output format you are getting is different (due to the bytes being reversed or case sensitive or something)
My suspicion is that it is the encoding piece. You could also try Encoding.ASCII and Encoding.UTF8 to see if those give you the result you are looking for. Unicode will produce a totally different byte array than ASCII and UTF8, so the hash will be different as a result.
Hopefully that will help you resolve it.
Joe K.
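
The encoding and output-format possibilities listed above can be checked mechanically. The VB.NET console module below is an added example, not code from the thread: the module and function names are hypothetical, and the sample string with its EXAMPLE_SECRET placeholder is constructed. It computes the MD5 of one string under each encoding and output format raised in the thread, including the hash-the-digest-twice variant from the first two posts, and lists which variants equal the value the other side produced.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Text
Module Md5VariantCheck
    ' Two lower-case hex digits per byte.
    Function ToHex(ByVal data() As Byte) As String
        Dim sb As New StringBuilder(data.Length * 2)
        For Each b As Byte In data
            sb.Append(b.ToString("x2"))
        Next
        Return sb.ToString()
    End Function

    ' Digest text for every encoding and output format raised in the thread.
    Function Variants(ByVal message As String) As Dictionary(Of String, String)
        Dim encodings As New Dictionary(Of String, Encoding)
        encodings.Add("ASCII", Encoding.ASCII)        ' non-ASCII characters become "?"
        encodings.Add("UTF-8", Encoding.UTF8)
        encodings.Add("UTF-16LE", Encoding.Unicode)   ' what .NET calls "Unicode"
        Dim found As New Dictionary(Of String, String)
        Using hasher As MD5 = MD5.Create()
            For Each enc As KeyValuePair(Of String, Encoding) In encodings
                Dim digest() As Byte = hasher.ComputeHash(enc.Value.GetBytes(message))
                found.Add(enc.Key & " hex", ToHex(digest))
                found.Add(enc.Key & " base64", Convert.ToBase64String(digest))
                ' The first two posts hashed the digest a second time.
                found.Add(enc.Key & " hex, hashed twice", ToHex(hasher.ComputeHash(digest)))
            Next
        End Using
        Return found
    End Function

    ' Variant names whose text equals the other side's value (hex is case-insensitive).
    Function Matching(ByVal message As String, ByVal expected As String) As List(Of String)
        Dim names As New List(Of String)
        For Each v As KeyValuePair(Of String, String) In Variants(message)
            Dim cmp As StringComparison = If(v.Key.Contains("hex"), StringComparison.OrdinalIgnoreCase, StringComparison.Ordinal)
            If String.Equals(v.Value, expected, cmp) Then names.Add(v.Key)
        Next
        Return names
    End Function

    Sub Main()
        ' Constructed sample with a placeholder secret and one non-ASCII field.
        Dim sample As String = "demo:1.00:1001:EXAMPLE_SECRET:inv_desc=Хостинг:lang=ru"
        ' Stand-in for the value the other side reports for the same string.
        Dim fromOtherSide As String = Variants(sample)("UTF-8 hex").ToUpper()
        Console.WriteLine(String.Join(", ", Matching(sample, fromOtherSide).ToArray()))
    End Sub
End Module
```

If no variant matches a value the other side computed from an agreed test string, the remaining possibility from the list is that the two input strings differ.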