valerieschupbach

asked on

SHA256 algorithm in Amazon Web Services

The new Amazon Web Services require us to encode the request using the SHA256 algorithm using the Amazon Access Key.
However, for all the implementations of SHA256 on the web, the encryption is done based on a text to be encrypted only, and no parameter for the key is provided.
I would expect a call like strOutput = SHA256("My Text","Key") rather than SHA256("My text").
Is there anybody who has experience in this field with this?
Thanks
Valerie
askb

SHA256 is a cryptographic hash function:

A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. The data to be encoded is often called the "message", and the hash value is sometimes called the message digest or simply digest.

The ideal cryptographic hash function has four main properties:
it is easy to compute the hash value for any given message,
it is infeasible to find a message that has a given hash,
it is infeasible to modify a message without changing its hash,
it is infeasible to find two different messages with the same hash.

Note that SHA256 is a SHA-2 variant. The SHA hash functions and friends are a set of cryptographic hash functions, and hence they don't require a key (for signing) in case you are using an HMAC.

http://en.wikipedia.org/wiki/SHA_hash_functions#SHA-256_.28a_SHA-2_variant.29_pseudocode


Here are some of the sample hashes:
SHA-256 hashes
SHA256("The quick brown fox jumps over the lazy dog")
 = d7a8fbb3 07d78094 69ca9abc b0082e4f 8d5651e4 6d3cdb76 2d02d0bf 37c9e592
// Avalanche effect when changing the last word to "cog":
SHA256("The quick brown fox jumps over the lazy cog")
 = e4c4d8f3 bf76b692 de791a17 3e053211 50f7a345 b46484fe 427f6acc 7ecc81be

The hash of the zero-length message is:
SHA256("")
 = e3b0c442 98fc1c14 9afbf4c8 996fb924 27ae41e4 649b934c a495991b 7852b855

Also, you could refer to the RFC for more test vectors, if you'd like.



valerieschupbach

ASKER

Ok, but can you supply a secret key for encoding?
The Amazon Web Services documentation says "Calculate an RFC 2104-compliant HMAC with the SHA256 hash algorithm using the string above with our "dummy" Secret Access Key: 1234567890. For more information about this step, see documentation and code samples for your programming language."
So they seem to imply that you encode the text using a separate key; as far as I can see the SHA256 algorithm does not allow you to supply one.
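
The keyed call asked about here is HMAC (RFC 2104), a construction that wraps the unkeyed SHA-256 hash with a secret key. The sketch below is an added example, not part of the thread or of Amazon's documentation: it builds HMAC-SHA256 from plain SHA-256 and checks it against Python's standard `hmac` module. The string to sign is constructed (the "string above" is not reproduced on this page), and the key is the dummy value quoted in the post.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 consumes its input in 64-byte blocks


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """RFC 2104: H((K ^ opad) || H((K ^ ipad) || message)), with H = SHA-256."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()      # over-long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")        # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def sign(secret_key: str, string_to_sign: str) -> str:
    """Hex HMAC-SHA256 of the request string under the secret key."""
    return hmac_sha256(secret_key.encode(), string_to_sign.encode()).hex()


def verify(secret_key: str, string_to_sign: str, signature_hex: str) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = sign(secret_key, string_to_sign)
    return hmac.compare_digest(expected, signature_hex)


SECRET = "1234567890"  # dummy key quoted in the thread
# Constructed sample request string (assumption, not the documentation's string).
STRING_TO_SIGN = "GET\nservice.example.invalid\n/\nAction=Demo&Timestamp=2009-01-01T12%3A00%3A00Z"

if __name__ == "__main__":
    sig = sign(SECRET, STRING_TO_SIGN)
    # The standard library produces the same value in one call.
    stdlib = hmac.new(SECRET.encode(), STRING_TO_SIGN.encode(), hashlib.sha256)
    print("HMAC-SHA256 :", sig)
    print("stdlib match:", sig == stdlib.hexdigest())
    # Plain SHA-256 takes no key, so anyone can recompute it for any text.
    print("SHA-256     :", hashlib.sha256(STRING_TO_SIGN.encode()).hexdigest())
    # A different key yields an unrelated MAC, so verification fails.
    print("wrong key   :", verify("0987654321", STRING_TO_SIGN, sig))
```
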
ASKER CERTIFIED SOLUTION
askb
