Generate SHA256 HMAC signature in Python

Question

I'm trying to generate a SHA256 HMAC signature for a FTX websocket. I am using the params fromt he official example https://docs.ftx.com/#private-channels.

It should generate d10b5a67a1a941ae9463a60b285ae845cdeac1b11edc7da9977bef0228b96de9

but I am getting ad38fa3566de972abb736bc0db2f7cd39daa48b14421e168422303bf2f03c6de

here is what I tried:

import hmac
import hashlib
import base64

time = '1557246346499'
secret = 'Y2QTHI23f23f23jfjas23f23To0RfUwX3H42fvN-'


digest = hmac.new(bytes(time, 'UTF-8'),
                bytes(secret, 'UTF-8'), hashlib.sha256)
signature = digest.hexdigest()
print(signature)

bereal · Answer 1 · 2022-01-11T11:48:40.373

There are two mistakes: first, hmac.new() takes the arguments in the reverse order: hmac.new(secret, msg, digestmod), and second, the message should be <time>websocket_login:

import hmac
import hashlib

time = '1557246346499'
secret = 'Y2QTHI23f23f23jfjas23f23To0RfUwX3H42fvN-'


digest = hmac.new(
    secret.encode(), 
    f'{time}websocket_login'.encode(),
    hashlib.sha256
)
signature = digest.hexdigest()
print(signature)

score 0 · Answer 2 · answered Jan 11 '22 at 11:44

I'm not familiar with these things, but your code differs from the one I found in Python encoded message with HMAC-SHA256, message and key seem to be swapped.
That would be a duplicate only, however another thing is that the documentation you link says

sign: SHA256 HMAC of the following string, using your API secret: <time>websocket_login

So it's not 1557246346499, but 1557246346499websocket_login what you need.

Put together:

import hmac
import hashlib

time = '1557246346499websocket_login'
secret = 'Y2QTHI23f23f23jfjas23f23To0RfUwX3H42fvN-'


signature = hmac.new(bytes(secret , 'latin-1'), msg = bytes(time , 'latin-1'), digestmod = hashlib.sha256).hexdigest()
print(signature)

Generates the expected output.

Generate SHA256 HMAC signature in Python

2 Answers2