Payload contains an HMAC tag as well as a nonce for AES. Client-side, printing the tag and nonce results in (for example):

#tag:  b'=x\x9d{_0\xf9;c8\x94inc]\xb1'
#nonce:  b'\x1f\xf4\xbe\xcc\xf2\x84f\xf2*\x8dP\x16\xc8\x02\xfe\xbe'

requests.post(url, data=payload, headers={"Content-Type": "application/octet-stream"}, verify="myShnazzyCertificate.pem")

Server-side, my flask api route receives a tag and nonce that have evidently been urlencoded:

data = flask.request.data
## stuff happens here, then -> print("tag: ", tag); print("nonce: ", nonce)
#tag:  b'%3Dx%9D%7B_0%F9%3Bc8%94inc%5D%B1'
#nonce:  b'%1F%F4%BE%CC%F2%84f%F2%2A%8DP%16%C8%02%FE%BE'

How do I remove the urlencoding (or prevent it from happening?) while keeping the tag and nonce as bytecode? I tried:

tag = tag.replace(b"%", bytes(r"\x".encode("utf-8")))
nonce = nonce.replace(b"%", bytes(r"\x".encode("utf-8")))

But HMAC verification failed since the tag has "{" and the nonce has "*" which also got encoded, so I'd need something more exhaustive.

2 Answers

Although there may be a way to use "Content-Type": "application/octet-stream" to send binary parameters, I've always considered it to be intended for files.

I suggest not sending binary params via HTTP (a "text protocol") by converting the binary to URL-safe text and back, e.g. base64.

Cheers to @Kache for mentioning what should have been obvious: just base64 encode to send plaintext.

For future reference, this is how I did so.

Client-side:

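import base64
import requests

# b64encode returns bytes; decode to str so the values are JSON-serializable
tag   = base64.b64encode(tag).decode("ascii")
nonce = base64.b64encode(nonce).decode("ascii")
# tag and nonce are packed into the payload dictionary
requests.post(url, json=payload, verify="myShnazzyCertificate.pem")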

Server-side:

import base64
import flask

payload = flask.request.json

# tag and nonce are unpacked from the above payload dictionary and then
tag        = base64.b64decode(tag)
nonce      = base64.b64decode(nonce)

# ... tag and nonce are used successfully to decrypt data
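
An added example, not part of either answer: assuming `payload` in the question was a dict passed to `data=`, requests form-encodes it regardless of the Content-Type header. The standard-library sketch below reproduces the percent-encoding the server printed, reverses it with `urllib.parse.unquote_to_bytes`, and shows the base64-over-JSON round trip from the second answer. The function names are hypothetical.

```python
import base64
import json
from urllib.parse import unquote_to_bytes, urlencode

# Tag and nonce exactly as printed client-side in the question.
TAG = b'=x\x9d{_0\xf9;c8\x94inc]\xb1'
NONCE = b'\x1f\xf4\xbe\xcc\xf2\x84f\xf2*\x8dP\x16\xc8\x02\xfe\xbe'


def form_encode(fields):
    """Form-encode a dict, as happens to a dict passed via data= (assumption)."""
    return urlencode(fields).encode("ascii")


def form_decode(body):
    """Undo the percent-encoding and return each value as raw bytes."""
    out = {}
    for item in body.split(b"&"):
        key, _, value = item.partition(b"=")
        # quote_plus writes a space as '+', so map it back before unquoting
        value = unquote_to_bytes(value.replace(b"+", b" "))
        out[unquote_to_bytes(key).decode("ascii")] = value
    return out


def naive_replace(value):
    """The question's attempt: yields literal backslash-x text, not the bytes."""
    return value.replace(b"%", rb"\x")


def json_encode(fields):
    """Base64 each value and decode to str so json can serialize it."""
    text = {k: base64.b64encode(v).decode("ascii") for k, v in fields.items()}
    return json.dumps(text).encode("ascii")


def json_decode(body):
    """validate=True makes b64decode reject characters outside the alphabet."""
    return {k: base64.b64decode(v, validate=True) for k, v in json.loads(body).items()}


if __name__ == "__main__":
    fields = {"tag": TAG, "nonce": NONCE}
    wire = form_encode(fields)
    print(wire)  # same percent-encoded tag and nonce the server printed
    print(naive_replace(wire.split(b"&")[0]))
    print(form_decode(wire) == fields)
    print(json_decode(json_encode(fields)) == fields)
```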
