B4J Question Sign the nonce with secret using HMAC-SHA256

[pedrocam]

Hi there,

I am trying to access the blinktrade bitcoin platform API. I am trying to do the following curl request within B4J, but I am having a hard time. I keep getting invalid APIKey, but I think the problem is with the formating of the code. Here is instructions on the site:

{"MsgType":"U2","BalanceReqID":1}
message='{ "MsgType": "U2", "BalanceReqID": 1 }'

api_url='API_URL_REST_ENDPOINT'
api_key='YOUR_API_KEY_GENERATED_IN_API_MODULE'
api_secret='YOUR_SECRET_KEY_GENERATED_IN_API_MODULE'

nonce=`date +%s`
signature=`echo -n "$nonce" | openssl dgst -sha256 -hex -hmac "$api_secret" | cut -d ' ' -f 2`

curl -X POST "$api_url" \
-H "APIKey:$api_key" \
-H "Nonce:$nonce" \
-H "Signature:$signature" \
-H "Content-Type:application/json" \
-d "$message"

And this is how I am trying to convert it to B4J

Dim message, api_url, api_key, api_secret, nonce, signature As String

    api_key="xxxxxxxxxxkeyhere"
    api_secret="xxxxxxxxxxxxsecrethere"
    nonce=DateTime.Now

    signature="echo -n " & QUOTE & nonce & QUOTE & " | openssl dgst -sha256 -hex -hmac " & QUOTE & api_secret & QUOTE & " | cut -d ' ' -f 2"
 
    Dim Job As HttpJob
    Job.Initialize("FoxBit", Me)
    Job.PostString("https://api.blinktrade.com/tapi/v1/message", "{ " & QUOTE & "MsgType" & QUOTE & ": " & QUOTE & "U2" & QUOTE & ", " & QUOTE & "BalanceReqID" & QUOTE & ": 1 }")
    Job.GetRequest.SetHeader("ContentType","application/json")
    Job.GetRequest.SetHeader("APIKey",api_key)
    Job.GetRequest.SetHeader("Nonce",nonce)
    Job.GetRequest.SetHeader("Signature",signature)

I think (know) that I am unable to correctly Sign the nonce with secret using HMAC-SHA256 to create the correct signature.. I searched around for code to do this, but was unable to port some from b4a, or create one.

Plus I am not sure if I am doing the nonce correctly..
I think that the curl request is correctly formatted but I am not sure as well..

Any help? Thank you!

 

[Erel]

Your code is wrong. openssl is an external program. It is not a parameter.

Your code just sends this string. You need to use the Encryption library to generate the signature.

 

[pedrocam]

Hi Erel, thanks for the reply. Yes, I imagined that I need to do that, however I was unable to port code from a B4A project to B4J. Can you please give me an example or point to an example in B4J of how to sign it with a secret key using HMAC-SHA256? Thank you very much.

 

[DonManfred]

how to sign it with a secret key using HMAC-SHA256?

Did you tried to USE the forumsearch first (i mean; BEFORE asking here)? I´m pretty sure you can find the answer....

 

[pedrocam]

Hi Don I did search the forum as usual and was stuck anyhow. Anyways I figured it out. I was using the B4J encryption library and not the B4A one. Thanks!

Solution is to copy the B4A Encryption and ByteConverter libraries to the B4J Library folder. And then the code looks like this:

Dim message, api_key, api_secret, nonce, signature As String

    message="{ ""MsgType"": ""U2"", ""BalanceReqID"": 1 }"
    api_key="xxxxxxxxxxkeyhere"
    api_secret="xxxxxxxxxxxxsecrethere"
    nonce=DateTime.Now
 
    Dim m As Mac
    Dim k As KeyGenerator
    k.Initialize("HMACSHA256")
    k.KeyFromBytes(api_secret.GetBytes("UTF8"))
    m.Initialise("HMACSHA256", k.Key)
    m.Update(nonce.GetBytes("UTF8"))
    Dim b() As Byte
    b = m.Sign
    Dim bc As ByteConverter
    Log(bc.HexFromBytes(b))
 
    signature=bc.HexFromBytes(b)

    Dim Job As HttpJob
    Job.Initialize("bitfox", Me)
    Job.PostString("https://api.blinktrade.com/tapi/v1/message", "{ " & QUOTE & "MsgType" & QUOTE & ": " & QUOTE & "U2" & QUOTE & ", " & QUOTE & "BalanceReqID" & QUOTE & ": 1 }")
    Job.GetRequest.SetHeader("ContentType","application/json")
    Job.GetRequest.SetHeader("APIKey",api_key)
    Job.GetRequest.SetHeader("Nonce",nonce)