Generating HMAC SHA3-512 in netcore2.1 - asp.net-core

I've already found some ways how to generate SHA3 in netcore 2.1. (e.g. SHA3.Net). Is there a way how to generate HMAC using SHA3-512 hash function. AFAIK it should be only some combination of SHA3(secret + content), but I can't find any working solution for HMAC based on SHA3-512. It's requested by 3rd party API I need to use, so there's no other option.
Result must be the same as result provided by this online tool (hash type sha3-512): https://wtools.io/generate-hmac-hash
Does anybody know how to generate HMAC properly for SHA3-512 under .netcore 2.1?
Thanks

Related

Method to prove authenticity of download files in hindsight

I'm looking for a tool or method to prove the authenticity of resources download from the web and stored locally. To be clear: I don't mean the SHA or MD5 checksums to verify a downloaded file. What I need is a way to download and store a web resource in such a way that I can later prove that said resource indeed originated from that web server.
In particular for the following scenario: A website published an article about a client. He would like to sue for defamation of character. I need a way to store the article without them having the possibility of simply removing it and denying they ever published it. So preferably this would be a tool that is backed by publications making it credible in court.
I have thought about storing the TLS certificate, keys and the encrypted data. That would rely on the root CA, but I think that would in itself not be a problem. I could do this using a custom program and a library like OpenSSL, but I think this is such a common problem, there probably is a relatively standard tool for it. Also, I am not entirely sure to what extent this would constitute reliable evidence. And can someone point to publications that would back this method?
Maybe I am using the wrong search terms, but everything I find is about aforementioned SHA or MD5 checksums. Any help is much appreciated.
If I understand correctly you need something like signature with timestamp. Yes?
You not only need checksum from document (article, text value, whatever) but also proof that this article really existed in time.
When using digital signature you can store such timestamp in 3rd party certified providers. You sign document and send checksum to 3rd party provider. Later you can ask provider to verify that this exact document is valid & was indeed created at given time.
https://en.wikipedia.org/wiki/Trusted_timestamping
As this can cost (fee for provider to store the timestamps) you can create checksums from many documents (like take all documents from one hour), store all of them in a single file, create checksum from that file and sign it with timestamp. This way you create one timestamp for documents batch, not for each document.

What is the correct way of getting an app key in google?

I'm trying out a simple code I found using www::google::customsearch. I know that google and yahoo has already change its policy in allowing these searches.
use strict;
use warnings;
use Data::Dumper;
use WWW::Google::CustomSearch;
my $api_key = 'Your_API_Key';
my $cx = 'Search_Engine_Identifier';
my $engine = WWW::Google::CustomSearch->new(api_key => $api_key, cx => $cx);
print Dumper($engine->search("Google"));
I am not sure if this module will work. I was just trying to test it. This is a sample from cpan. I tried running the code I keep getting a missing argument which is the api key.
This is so far what I have done. I have signed in google and created a custom search engine. I copied the search engine reference code. I have tried the example code in javascript. I placed it in a sample html. It works.
I have also signed in google and turned on custom search engine api, and generated an app key.
What is the correct step in getting an application key?
I tried running the code I keep getting a missing argument which is the api key.
You did not try to execute the given code as it is, did you? You are supposed to pass the actual key in below line.
my $api_key = 'Your_API_Key';
Your_API_Key should be replaced with the key you get from Google API console.
What is the correct step in getting an application key?
Quoting from the documentation on how to find it.
The JSON / Atom Custom Search API requires the use of an API key,
which you can get from the Google APIs console. The API provides 100
search queries per day for free. If you need more, you may sign up for
billing in the console.
The official Google API document can be found here. For more
information about the Google custom search, please click here.

What is the "secret key" used in the JWT example in the RFC?

I have been reading the JWT RFC, and in section 3.1 they give an example JWT along with the MAC.
I was wondering if: is it known what is the value of the secret key that they used with SHA-256 to generate the example in RFC?
I want to use the example in a test case so I'd like to reproduce it exactly.
Turns out the key is given in Appendix 1.1 of the draft for "JSON Web Signature (JWS)" in the JSON Web Key format as:
{
"kty":"oct",
"k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"
}
I misunderstood that the two links named "Appendix A.1" at the end of the "JWT Example" section actually go to different locations. Tha passage with the links is reproduced below:
This computation is illustrated in more detail in Appendix A.1 of [JWS]. See Appendix A.1 for an example of an encrypted JWT.

In-built key Generation Algorithm using SHA256

I am working on an application in c# .Net where data needs to be encrypted and Since data privacy is my ultimate motive , I am doing it using AES Encryption and I use PasswordDervieBytes for determining the Secret Key. Now Since it uses SHA1 which is broken , I would like to know whether there is an in-built function which uses SHA256 for obtaining my secret key. I also know that RFC2898 can be used but then it also uses SHA1... So, Is there an In-built function which uses SHA256 algorithm ? Thank You in advance for your valuable answers !!
There is a SHA256Managed class that will hash the input. It will not encrypt it...

Generating Digital Signature

I wanted to generate digital signature in my asp.net application based on some value
like date of birth. what is the way to do that ? i am using vb.net
If you decide that you really do want what that Wikipedia article talks about, then see the SignedXml class in the System.Security.Cryptography.Xml namespace.
Note that this isn't the only way to work with Digital Signature in .NET - it's just the part I've worked with before.