Home > Net >  Creating correct SHA256 hash in Powershell
Creating correct SHA256 hash in Powershell

Time:03-09

Good evening everybody. I have a problem with sha256 Hash.

I have this example string from the amazon pages:

GET
/
Action=ListUsers&Version=2010-05-08
content-type:application/x-www-form-urlencoded; charset=utf-8
host:iam.amazonaws.com
x-amz-date:20150830T123600Z

content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Amazon shows the hash result of this example string as the following:

**f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59**

The description is: this one: The hashed canonical request must be represented as a string of lowercase hexadecimal characters. The following example shows the result of using SHA-256 to hash the example canonical request.

Example Hashed canonical request

No matter what i do, i receive this hash: B51325A14138B31939381CB391819CE8A5F09DEEA778721C4360F0DAC1FAB79C

Here are 3 example codes:

function hash($request) {
    $sha256 = new-object -TypeName System.Security.Cryptography.SHA256Managed
    $utf8   = new-object -TypeName System.Text.UTF8Encoding
    
    $hash   = [System.BitConverter]::ToString($sha256.ComputeHash($utf8.GetBytes($request)))
    return $hash.replace('-','').toLower()
}
function hash2($request){
$mystream = [IO.MemoryStream]::new([byte[]][char[]]$request)
$hash = Get-FileHash -InputStream $mystream -Algorithm SHA256
$hash = $hash.Hash
return $hash.toLower()

}

function hash3($request)
{

$hasher = [System.Security.Cryptography.HashAlgorithm]::Create('sha256')
$hash = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($request))

$hashString = [System.BitConverter]::ToString($hash)
$hash = $hashString.Replace('-', '')
return $hash.toLower()
}

$string = "GET
/
Action=ListUsers&Version=2010-05-08
content-type:application/x-www-form-urlencoded; charset=utf-8
host:iam.amazonaws.com
x-amz-date:20150830T123600Z

content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

hash $string

hash2 $string

hash3 $string

The only online calculator i found which calculates the same hash as amazon was this one: https://xorbin.com/tools/sha256-hash-calculator

Here is the original conent from amazon: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

Can anyone help, please?

Best regards Patrick

CodePudding user response:

At first I couldn't reproduce this behavior by copy-pasting your code. Then I pasted it into an editor configured to save all linebreaks as CRLF - at which point I also got B51325A14138B31939381CB391819CE8A5F09DEEA778721C4360F0DAC1FAB79C.

So the likely explanation is that you wrote your script in an editor that saves all files with Windows-style line breaks.

You can work around this by replacing all Windows style linebreaks in the resulting string value with a single newline character at runtime:

hash $string.Replace("`r`n", "`n")

CodePudding user response:

To complement Mathias R. Jessen's helpful answer:

  • It is the newline format (Windows CRLF vs. Unix LF) of the enclosing script file (.ps1) that determines the newline format of multiline string literals contained in the script (including here-string literals).

  • An alternative to explicitly replacing the CRLF sequences with LFs, as shown in Mathias' answer, is to re-save your .ps1 file with LF newlines (PowerShell won't mind).

    • For better cross-platform compatibility, consider configuring your editor to create LF-format PowerShell scripts by default.

CodePudding user response:

oh jesus :D Thank you so much @all! Thats it and i fight all this evening with it :D

  • Related