I have been given the following nodejs code the generates a signature. This signature is generated by a third party and I need to validate their signature on our backend API in C#. Their code is:
const crypto = require("crypto");
const secret = "..."; //do not share!
const actualSignature = crypto
.createHmac("sha256", Buffer.from(secret , "hex"))
.update(request.body, "utf-8")
.digest("hex");
I have tried to implement in C# but I am uanble to get my signature to match theirs. Here's my code so far:
public byte[] GetHash(string body, string secret)
{
var secretBytes = Encoding.UTF8.GetBytes(secret);
var hexSharedSecretBytes = ByteToHexadecimalString(secretBytes);
var hexSecretBytes = Encoding.UTF8.GetBytes(hexSharedSecretBytes);
var hmac = new HMACSHA256(hexSecretBytes);
var bodyBytes = Encoding.UTF8.GetBytes(body);
return hmac.ComputeHash(bodyBytes);
}
private string ByteToHexadecimalString(byte[] buff)
{
return buff.Aggregate("", (current, i) => current + i.ToString("x2"));
}
I would greatly appreciate some help.