Sha256 keyword modifier

gboyd · June 1, 2018, 2:17pm

Matrix Version: 5.4.0.2

Does Matrix have SHA256 capabilities? I can see SHA1 keyword only.

Bart · June 7, 2018, 9:11am

What specific functionality around SHA256 are you after?

gboyd · June 13, 2018, 7:20am

The API which we are using requires you to use sha256 as part of signing requests. The steps for signing a request are:

Increment the token nonce so it is a higher number than the previous request. The increments do not need to be sequential.
Collect all the parameters you need to send for your request into a key/value array, include the token key and nonce.
Extract only the values from the parameters array and add the token secret.
Order these values alphabetically, they must be compared as strings rather than numbers.
Concatenate the values, joining by the ‘-’ character.
Generate the signature by hashing this string using the sha256 algorithm.
Add the secret to the parameters array.
Submit the request using either GET or POST.

Bart · June 16, 2018, 11:36pm

Thanks for explaining. So would a ^SHA256 keyword modifier similar to the SHA1 be useful?

tbaatar · May 2, 2019, 8:52pm

Hi Bart,

Can you confirm if SHA256 works/exists for Matrix 5.4+?
Wanting to test out the Cloudinary API/Widget and the Media Gallery requires generating auth signature in order to connect.

Thanks,
Tuguldur

JohnGill · May 3, 2019, 1:05am

Not as of 5.5.1.5 at least.

$ grep -n  "sha\|md5" general/text.inc
959:            case "md5":
960:                    return md5($text);
962:            case "sha1":
963:                    return sha1($text);
2041:                           $hash = '<!-- x'.md5($ssjs_block).strlen($ssjs_block).'x -->';

Bart · June 4, 2019, 9:14pm

Yea we don’t have a modifier for that. But perhaps you could do it with SSJS and using something like https://github.com/emn178/js-sha256 ?