coinbase-api - Coinbase Pro API - 无效签名
问题描述
这是从原始帖子编辑的:
从文档:
签署消息 CB-ACCESS-SIGN 标头是通过使用 prehash 字符串时间戳 + 方法 + requestPath + 正文(其中 + 表示字符串连接)上的 base64 解码密钥创建 sha256 HMAC 和 base64 编码输出来生成的。时间戳值与 CB-ACCESS-TIMESTAMP 标头相同。
这是我删除的密钥中的信息。这是来自 Coinbase Pro 沙盒:
公钥:
06057d5b5e03d0f8587a248330402b21
密码:
gcgs6k6rp0f
密钥:EFAToD5heo66GIgZlT2TIZzJf8TYlmxyeRxRYDHTBv3lTt9XN6uaNS0RNAy0os/caR47x6EiPDOV3Ik+YzrfEA==
我正在使用角度,特别是 node.js crypto-js 库:
private generateSignaturePro(timestamp: string, method: string, resourceUrl: string, requestBody: string): string {
var prehash: string = timestamp + method + resourceUrl + requestBody;
var key = (Buffer.from(this.secretKey, 'base64')).toString();
return crypto.enc.Base64.stringify(crypto.HmacSHA256(prehash, key));
}
服务器时间为 Time: 2019-05-20T19:01:38.711Z Epoch: 1558378898.711 (来自 /time 端点)
这是我的请求和服务器响应:
要求:
Request URL: https://api-public.sandbox.pro.coinbase.com/accounts
Request Method: GET
Status Code: 400
Remote Address: 104.16.161.226:443
Referrer Policy: no-referrer-when-downgrade
请求标头:
Provisional headers are shown
Accept: application/json, text/plain, */*
CB-ACCESS-KEY: 06057d5b5e03d0f8587a248330402b21
CB-ACCESS-PASSPHRASE: gcgs6k6rp0f
CB-ACCESS-SIGN: 0cc2BnQYdUhLucXSPwMTjpHjJ32G3RXSH44rSsEopvjAtY90uRCMVy6xUrzg/A/aRJBLqx390fcZc7lmJeP++g==
CB-ACCESS-TIMESTAMP: 1558378899
Referer: https://localhost:44342/dashboard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
响应标头:
access-control-allow-headers: Content-Type, Accept, cb-session, cb-fp
access-control-allow-methods: GET,POST,DELETE,PUT
access-control-allow-origin: *
access-control-expose-headers: cb-before, cb-after, cb-gdpr
access-control-max-age: 7200
cache-control: no-store
cf-cache-status: MISS
cf-ray: 4da08f74ba97cf68-IAD
content-length: 31
content-type: application/json; charset=utf-8
date: Mon, 20 May 2019 19:01:38 GMT
etag: W/"1f-4RjKVp8I05+xcnQ5/G16yRoMSKU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 400
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
回复:
{"message":"invalid signature"}
我究竟做错了什么?
编辑:将方法更改为 SHA 256 版本。还是不行。
解决方案
我遇到了同样的问题,我的代码基本上和你的一样。我更改为以下(c#),它终于奏效了。奇怪的是,coinbase pro 是迄今为止我在签名方面遇到问题的唯一交易所。无论如何,这是对我有用的代码。希望这可以帮助。会为我节省几个小时
public string ComputeSignature(
HttpMethod httpMethod,
string secret,
double timestamp,
string requestUri,
string contentBody = "")
{
var convertedString = System.Convert.FromBase64String(secret);
var prehash = timestamp.ToString("F0", CultureInfo.InvariantCulture) + httpMethod.ToString().ToUpper() + requestUri + contentBody;
return HashString(prehash, convertedString);
}
private string HashString(string str, byte[] secret)
{
var bytes = Encoding.UTF8.GetBytes(str);
using (var hmaccsha = new HMACSHA256(secret))
{
return System.Convert.ToBase64String(hmaccsha.ComputeHash(bytes));
}
}
推荐阅读
- javascript - User Adjustable Div Width
- spring-security - Azure AD SAML Authentication with Spring Security 5.3.2 (not SAML Extension)
- python - 如何摆脱json文件中的所有'\'
- java - When initialising an object in java, how can I name the object based on a variable passed to the method?
- python - Python 3.7.6 网络爬虫写入 csv 会截断结果
- javascript - JavaScript(在旋转排序数组中查找最小值)
- encryption - 谁将 RSA 私钥给对方
- xcode - 如何防止 Xcode 的重新缩进(Control + i)功能滚动到底部?
- python-3.x - 创建一个只接受特定用户并使任何其他用户无效的问候程序
- r - 在 R 中计算夏普比率时的时间序列相关误差