5

Good evening everybody. I have a problem with sha256 Hash.

I have this example string from the amazon pages:

GET
/
Action=ListUsers&Version=2010-05-08
content-type:application/x-www-form-urlencoded; charset=utf-8
host:iam.amazonaws.com
x-amz-date:20150830T123600Z

content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Amazon shows the hash result of this example string as the following:

**f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59**

The description is: this one: The hashed canonical request must be represented as a string of lowercase hexadecimal characters. The following example shows the result of using SHA-256 to hash the example canonical request.

Example Hashed canonical request

No matter what i do, i receive this hash: B51325A14138B31939381CB391819CE8A5F09DEEA778721C4360F0DAC1FAB79C

Here are 3 example codes:

function hash($request) {
    $sha256 = new-object -TypeName System.Security.Cryptography.SHA256Managed
    $utf8   = new-object -TypeName System.Text.UTF8Encoding
    
    $hash   = [System.BitConverter]::ToString($sha256.ComputeHash($utf8.GetBytes($request)))
    return $hash.replace('-','').toLower()
}
function hash2($request){
$mystream = [IO.MemoryStream]::new([byte[]][char[]]$request)
$hash = Get-FileHash -InputStream $mystream -Algorithm SHA256
$hash = $hash.Hash
return $hash.toLower()

}

function hash3($request)
{

$hasher = [System.Security.Cryptography.HashAlgorithm]::Create('sha256')
$hash = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($request))

$hashString = [System.BitConverter]::ToString($hash)
$hash = $hashString.Replace('-', '')
return $hash.toLower()
}

$string = "GET
/
Action=ListUsers&Version=2010-05-08
content-type:application/x-www-form-urlencoded; charset=utf-8
host:iam.amazonaws.com
x-amz-date:20150830T123600Z

content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

hash $string

hash2 $string

hash3 $string

The only online calculator i found which calculates the same hash as amazon was this one: https://xorbin.com/tools/sha256-hash-calculator

Here is the original conent from amazon: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

Can anyone help, please?

Best regards Patrick

Improve this question
1
  • 3
    This discrepancy is down to newline encoding in whichever editor you used to write the script. hash $string.Replace("`r`n", "`n") will give you the correct hash Commented Mar 8, 2022 at 20:51

2 Answers 2

Reset to default
4

At first I couldn't reproduce this behavior by copy-pasting your code. Then I pasted it into an editor configured to save all linebreaks as CRLF - at which point I also got B51325A14138B31939381CB391819CE8A5F09DEEA778721C4360F0DAC1FAB79C.

So the likely explanation is that you wrote your script in an editor that saves all files with Windows-style line breaks.

You can work around this by replacing all Windows style linebreaks in the resulting string value with a single newline character at runtime:

hash $string.Replace("`r`n", "`n")
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

makes sense why I was unable to reproduce on Linux
@SantiagoSquarzon Yeah, but you can repro by reversing it: hash ($string -replace '(?<!\r)\n',"`r`n")) :)
3

To complement Mathias R. Jessen's helpful answer:

  • It is the newline format (Windows CRLF vs. Unix LF) of the enclosing script file (.ps1) that determines the newline format of multiline string literals contained in the script (including here-string literals).

  • An alternative to explicitly replacing the CRLF sequences with LFs, as shown in Mathias' answer, is to re-save your .ps1 file with LF newlines (PowerShell won't mind).

    • For better cross-platform compatibility, consider configuring your editor to create LF-format PowerShell scripts by default.
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.