API 使用 MD5 的签名作为 sha256 的密钥
API Signature using MD5 has as key for sha256
我正在尝试使用 Python 访问 coinnest.co.kr 的交易 API,这是一家加密货币交易所。为此,我必须遵循此处的文档:https://www.coinnest.co.kr/doc/private.html
We get a key pair of public key: asdf-asdf-asdf-asdf and private key: qwer-qewr-qwer-qwer.
The request parameters are:
"key":"asdf-asdf-asdf-asdf",
"nonce":1505209177,
"coin":"btc",
"id":3
Then the string to be signed will be:
key=asdf-asdf-asdf-asdf&nonce=1505209278&coin=btc&id=3
Now we use the md5 hash of qwer-qewr-qwer-qwer as the key and encrypt the above string by sha256 and we get 66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d, which will be used as the signature.
我目前的问题是无法获得与示例相同的结果。我不确定他们的例子是否准确。是私钥“qwer-qewr-qwer-qwer”或“qwer-qwer-qwer-qwer”。随机数是“1505209177”还是“1505209278”?
#!/usr/bin/python2.7
import hashlib
import hmac
secret = 'qwer-qewr-qwer-qwer'
message = 'key=asdf-asdf-asdf-asdf&nonce=1505209278&coin=btc&id=3'
key = hashlib.md5(secret).hexdigest()
print hmac.new(key, message, hashlib.sha256).hexdigest()
使用上面的代码,我获得了 "afdfb1c331670d95c93868948ff769719b28d879ac94589fa44c4d5b8eacab04" 的签名与预期的结果
"66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d"
也许你应该暴力破解 API 文档?
>>> secret1 = 'qwer-qewr-qwer-qwer'
>>> secret2 = 'qwer-qwer-qwer-qwer'
>>> message_template = 'key=asdf-asdf-asdf-asdf&nonce={}&coin=btc&id=3'
>>> target = '66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d'
>>> keys = [hashlib.md5(secret1).hexdigest(), hashlib.md5(secret1).digest(), hashlib.md5(secret2).hexdigest(), hashlib.md5(secret2).digest()]
>>>
>>> for i in range(1505000000, 1506000000):
... msg = message_template.format(i)
... for key in keys:
... if hmac.new(key, msg, hashlib.sha256).hexdigest() == target:
... print 'FOUND hmac', key, msg
... if hashlib.sha256(key + msg).hexdigest() == target:
... print 'FOUND sha256', key, msg
...
FOUND hmac fecfe400baa3ae47fe8c42f9c087ec90 key=asdf-asdf-asdf-asdf&nonce=1505209413&coin=btc&id=3
对应于:
>>> keys.index('fecfe400baa3ae47fe8c42f9c087ec90')
0
所以以下应该有效:
>>> hmac.new(hashlib.md5('qwer-qewr-qwer-qwer').hexdigest(), 'key=asdf-asdf-asdf-asdf&nonce=1505209413&coin=btc&id=3', hashlib.sha256).hexdigest()
'66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d'
看起来你做的是对的,但是他们的 nonce 改变了,qwer-qewr-qwer-qwer 私钥是正确的。
我正在尝试使用 Python 访问 coinnest.co.kr 的交易 API,这是一家加密货币交易所。为此,我必须遵循此处的文档:https://www.coinnest.co.kr/doc/private.html
We get a key pair of public key: asdf-asdf-asdf-asdf and private key: qwer-qewr-qwer-qwer.
The request parameters are:
"key":"asdf-asdf-asdf-asdf",
"nonce":1505209177,
"coin":"btc",
"id":3
Then the string to be signed will be:
key=asdf-asdf-asdf-asdf&nonce=1505209278&coin=btc&id=3
Now we use the md5 hash of qwer-qewr-qwer-qwer as the key and encrypt the above string by sha256 and we get 66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d, which will be used as the signature.
我目前的问题是无法获得与示例相同的结果。我不确定他们的例子是否准确。是私钥“qwer-qewr-qwer-qwer”或“qwer-qwer-qwer-qwer”。随机数是“1505209177”还是“1505209278”?
#!/usr/bin/python2.7
import hashlib
import hmac
secret = 'qwer-qewr-qwer-qwer'
message = 'key=asdf-asdf-asdf-asdf&nonce=1505209278&coin=btc&id=3'
key = hashlib.md5(secret).hexdigest()
print hmac.new(key, message, hashlib.sha256).hexdigest()
使用上面的代码,我获得了 "afdfb1c331670d95c93868948ff769719b28d879ac94589fa44c4d5b8eacab04" 的签名与预期的结果
"66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d"
也许你应该暴力破解 API 文档?
>>> secret1 = 'qwer-qewr-qwer-qwer'
>>> secret2 = 'qwer-qwer-qwer-qwer'
>>> message_template = 'key=asdf-asdf-asdf-asdf&nonce={}&coin=btc&id=3'
>>> target = '66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d'
>>> keys = [hashlib.md5(secret1).hexdigest(), hashlib.md5(secret1).digest(), hashlib.md5(secret2).hexdigest(), hashlib.md5(secret2).digest()]
>>>
>>> for i in range(1505000000, 1506000000):
... msg = message_template.format(i)
... for key in keys:
... if hmac.new(key, msg, hashlib.sha256).hexdigest() == target:
... print 'FOUND hmac', key, msg
... if hashlib.sha256(key + msg).hexdigest() == target:
... print 'FOUND sha256', key, msg
...
FOUND hmac fecfe400baa3ae47fe8c42f9c087ec90 key=asdf-asdf-asdf-asdf&nonce=1505209413&coin=btc&id=3
对应于:
>>> keys.index('fecfe400baa3ae47fe8c42f9c087ec90')
0
所以以下应该有效:
>>> hmac.new(hashlib.md5('qwer-qewr-qwer-qwer').hexdigest(), 'key=asdf-asdf-asdf-asdf&nonce=1505209413&coin=btc&id=3', hashlib.sha256).hexdigest()
'66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d'
看起来你做的是对的,但是他们的 nonce 改变了,qwer-qewr-qwer-qwer 私钥是正确的。