I am trying to understand what exactly is signature query parameter in binance - api

I am trying to access this endpoint, where signature parameter has to be sent as query parameter
https://binance-docs.github.io/apidocs/spot/en/#current-open-orders-user_data
I am trying to understand what value for that signature key should be passed.
Firstly I thought it was the secret key the Binance exchange gave me. But it was not, because when I try the above endpoint it says:
{
"code": -1022,
"msg": "Signature for this request is not valid."
}
^Postman
As you can see, I passed my secret key as the value for the signature key. It is not working. So what am I really missing here? Or do I need to do some transformations to the secret key? Please help me understand it, and thanks in advance!

It looks like you are putting the timestamp before the recvWindow in your query string.
timestamp is always the last parameter and the order of the parameters in the docs clearly puts recvWindow before timestamp.
I managed to get it working with query string recvWindow=60000&timestamp=1652512756366

Secret key and signature are two different things.
You need to sign the parameters with your secret key. This process produces a signature. And then you pass this resulting signature to the payload.
I'm not sure how to produce the signature in C++, however Binance docs show an example of signing the data in console with openssl (scroll right on all 3 examples).
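Added example, not part of the original answers and not Binance's own code: for HMAC API keys, the `signature` value is the hex-encoded HMAC-SHA256 of the exact query string, keyed with the secret key, which is what the openssl example in the docs computes. The secret, the helper names and the `server_accepts` model of the server-side check are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed placeholder secret; a real one comes from the exchange and is never sent.
API_SECRET = "constructed-secret-key-for-illustration"


def sign_query(secret: str, query_string: str) -> str:
    """Hex HMAC-SHA256 of the exact query string, keyed with the secret."""
    return hmac.new(secret.encode(), query_string.encode(), hashlib.sha256).hexdigest()


def build_signed_query(secret: str, params: list) -> str:
    """Serialize params in the given order, then append the signature last."""
    query_string = urlencode(params)
    return f"{query_string}&signature={sign_query(secret, query_string)}"


def server_accepts(secret: str, signed_query: str) -> bool:
    """Assumed model of the server check: recompute the HMAC and compare."""
    query_string, sep, signature = signed_query.rpartition("&signature=")
    if not sep:
        return False  # no signature parameter at all
    expected = sign_query(secret, query_string)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    params = [("recvWindow", "60000"), ("timestamp", "1652512756366")]
    signed = build_signed_query(API_SECRET, params)
    print(signed)
    print("valid signature accepted:", server_accepts(API_SECRET, signed))
    # The mistake from the question: the secret itself sent as the signature.
    wrong = urlencode(params) + "&signature=" + API_SECRET
    print("secret-as-signature accepted:", server_accepts(API_SECRET, wrong))
```

The signature only matches the string that was signed, so the query string sent must be byte-for-byte the one passed to `sign_query`.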

Related

Problems building signature for Google Authentication

I'm trying to make an authorized Google API call using a JWT.
But when I send the request I get this error:
{
"error": "invalid_grant",
"error_description": "Invalid JWT Signature."
}
I'm following this manual https://developers.google.com/identity/protocols/oauth2/service-account#httprest
The JWT consists of three parts: header, claim set and signature. The header is always the same for authentication and I set every necessary parameter in the claim set.
Now for the signature it says that you have to encode the header and claim set using Base64url and concatenate them together with a period: {Base64url encoded header}.{Base64url encoded claim set}
Then you sign this using SHA256withRSA and encode the result as well using Base64url again. After that you get the JWT also by concatenating them together: {Base64url encoded header}.{Base64url encoded claim set}.{Base64url encoded signature}
But when I send the request using the JWT I always get the said error. I also tried encoding it first and then signing it but I get the same result.
Am I creating the signature correctly?
If so does anyone have an idea what else the problem could be?
So with the information you provided, your signature is invalid.
You can use https://jwt.io debugger to validate your token and compare the Base64url results.

Symmetric key creation with CKA_SENSITIVE false and CKA_PRIVATE as true

I am working on a cloud HSM service and I see a CKA_ATTRIBUTE_INVALID error when I am trying to create an AES 256 key with the following attributes:
CKA_TOKEN=0
CKA_SENSITIVE=0
CKA_PRIVATE=1
CKA_ENCRYPT=1
CKA_DECRYPT=1
CKA_SIGN=1
CKA_VERIFY=1
CKA_WRAP=1
CKA_UNWRAP=1
CKA_DERIVE=1
CKA_EXTRACTABLE=1
CKA_MODIFIABLE=0
and hence the error:
Status: C_DeriveKey returned error. (CKR_ATTRIBUTE_VALUE_INVALID)
I figured out if I pass CKA_SENSITIVE and CKA_PRIVATE both as 1 it passes and key gets created.
My question is how do I know which are the valid attribute combinations?
Can someone point me to a documentation, please.
I didn't find much details in standard PKCS#11 spec guide.
I would appreciate any help here!!
Cheers.
As far as I can see the following attributes have wrong values:
CKA_SIGN=1
CKA_VERIFY=1
Symmetric key can't be used in signing.
Also, these values raise some questions:
CKA_TOKEN=0
means that the key is session object,
CKA_SENSITIVE=0
means that the key value is "visible" - it is not secure.
From my experience:
try to remove attributes from template one by one and you can find which of them are wrong.

getContentServiceInfo1 returns truncated data regardless of reqSpecifier

Calling the getContentServiceInfo1 REST API seems to return the same data regardless of provided reqSpecifier and notrim values. I am using this call as part of the refresh account flow to determine whether the service requires MFA. Is there another call that I can make to achieve the same thing?
I noticed that the values accepted for reqSpecifier are essentially binary bit masks but providing the flag as 10000000, or even 0b10000000 for that matter, instead of 128 does not change the results. What value and value type should I be providing for reqSpecifier to get more than the basic level information? Relevant request and return information when using this API call for E*Trade is below.
Request (cobrand token is omitted):
{"cobSessionToken":"",
"contentServiceId":24,
"reqSpecifier":128,
"notrim":true}
Response (this is always the response I get unless I provide arguments that result in an error):
{"contentServiceId":24,
"siteId":744,
"containerInfo":{"containerName":"stocks","assetType":1}}
This response comes when you pass "notrim" value as "false", if you are passing it "false" then please pass it as true. It should work.

Adding authenticated attributes using MS CryptoApi

I'm struggling with adding authenticated attributes (OCSP data) to my message using CryptoApi. I first used CryptoApi's simplified message functions, but have now switched to the low-level message functions, thinking that I would be able to control the message structure better. But I am once again stuck. My process is as follows:
Initialize CMSG_SIGNER_ENCODE_INFO and CMSG_SIGNED_ENCODE_INFO structure
I create a CRYPT_ATTRIBUTE for the ocsp date and specify it in the CMSG_SIGNER_ENCODE_INFO structure
I then call CryptMsgCalculateEncodedLength to get the size
CryptMsgOpenToEncode with CMSG_SIGNED as the message type
CryptMsgUpdate, to insert my content into the message
CryptMsgGetParam with CMSG_CONTENT_PARAM to get the encoded blob
CryptMsgClose, I'm done with the message for now.
I open the message again to get the CMSG_ENCRYPTED_DIGEST, which is sent to a TSA and the result is added as an unauthenticated attribute using CryptMsgControl.
I'm using this to sign signature tags in Adobe. So when there are no authenticated attributes, I receive three green checks from Adobe:
The document has not been modified...
The document is signed by the current user
The signature includes an embedded timestamp (and the timestamp is valid)
But as soon as the authenticated attribute is added, the signer's identity is invalidated and the timestamp data is incorrect. The CMSG_COMPUTED_HASH_PARAM when authenticated attributes are added and when not, differs. Should this not be the same? Since the document digest is of the content of the document and not of the authenticated attribute.
Is there another way to add authenticated attributes? I've tried to add it as a signer using CryptMsgControl, but that did not help either...
How about this step for adding the authenticated attributes for signing, for example time stamping:
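// First call with a NULL buffer only returns the required size in szTime.
CryptEncodeObject(PKCS_7_ASN_ENCODING, szOID_RSA_signingTime, &curtime, NULL, &szTime);
pTime = (BYTE *)LocalAlloc(GPTR, szTime);
// Second call writes the encoded signing time into the allocated buffer.
CryptEncodeObject(PKCS_7_ASN_ENCODING, szOID_RSA_signingTime, &curtime, pTime, &szTime);
// Wrap the encoded value in a blob and use it as the attribute's single value.
time_blob.cbData = szTime;
time_blob.pbData = pTime;
attrib[0].pszObjId = szOID_RSA_signingTime;
attrib[0].cValue = 1;
attrib[0].rgValue = &time_blob;
// Attach the attribute to the signer as an authenticated (signed) attribute.
CosignerInfo.cAuthAttr = 1;
CosignerInfo.rgAuthAttr = attrib;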
and that Cosigner params is from CMSG_SIGNER_ENCODE_INFO CosignerInfo;

Astrid request returning empty

I'm trying to use the http://Astrid.com API, specifically to get data using the method under the "Request Format" section on this page - http://astrid.com/apidoc/file.README.html
The URL I built is:
https://astrid.com/api/7/task_list?app_id=[MY APP ID]&time=1&user_id=[MY USER ID]&sig=[MY REQUEST SIGNATURE]
And it returns this:
{"list":[],"time":1363131562,"status":"success"}
Seems like it worked, but does anyone know why the "list" array might be returning empty? I've created a bunch of tasks in my profile so it should be showing those.
Thanks!
You need to sign in first with the method user_signin. If successful you get a token.
Then you need to call the task_list method providing the token.
You do not need to provide a user id with the task_list method. It is only used to select tasks that you share with this user.
Example for signing in:
https://astrid.com/api/7/user_signin?provider=password&app_id=YOUR_APP_ID&secret=YOUR_ASTRID_PASSWORD&sig=SIGNATURE&time=1365715302.36&email=YOUR_EMAIL
Example for getting your tasks:
https://astrid.com/api/7/task_list?active=true&token=THE_TOKEN&sig=SIGNATURE&app_id=YOUR_APP_ID&time=1365715304.41