bliako has asked for the wisdom of the Perl Monks concerning the following question:
Wise Monks,
I know that in a Perl string the 0x0 character has no special meaning (unlike C) and so one can mix binary data (range 0-255, i.e. it may contain 0x0) with a "normal printed" string (i.e. with chars in 1-127) and unicode strings. So, the following will work(?):
my $str = "hello"; # no special chars, 1-127 my $sha256 = Digest::SHA::sha256("abc123"); # bytes 0-255 my $hmac = Digest::SHA::hmac_sha512("a message", "a key"); # bytes 0-2 +55 # edit, the following is mangled by PM's editor, imagine greek letters + here: my $unicode_string = "αβγαabc123"; # unicode chars + mixed with lower-ascii my $buffer = ""; # buffer to concatenate above into and POST them for($str, $sha256, $hmac, $unicode_string){ $buffer .= Encode::encode("UTF-8", $_); } my $b64 = base64_encode($buffer); my $HTTPheader = "ABC: $b64"; $ua->POST("aurl" ... $b64 ... $HTTPheader ...); $ua->GET("aurl" ... $b64 ... $HTTPheader ...); $ua->POST("aurl" ... $buffer ... $HTTPheader ...); $ua->GET("aurl" ... $buffer ... $HTTPheader ...); $ua->GET("aurl" ... $unicode_string ... $HTTPheader ...);
1) Is this the correct way to do this?
2) Also, I have a question about why I need to encode in "UTF-8". Does that make sure that the "double-bytes" and possible "single-bytes" are all becoming a stream of "single-bytes"?
3) How do I treat the $buffer, in Perl, before I do a POST and GET, assuming the receiver is liberal in what it accepts? Obviously a base64 is safe but under what conditions can I send $unicode_string as is. Will sending $buffer (as is, after treated with Encode) work?
4) Is Encode::encode("UTF-8", $sha256) altering my binary data? Is it harmful on strings with binary data?
(please correct my terminology and feel free to correct it, I tried to avoid encodings for too long - note also that I am trying to find the safe way to do things when strings are mixed, i don't have a particular requirement)
EDIT: Actually, I am trying to translate some python code into Perl (see https://docs.kraken.com/rest/#section/Authentication/Headers-and-Signature):
postdata = urllib.parse.urlencode(data) encoded = (str(data['nonce']) + postdata).encode() message = urlpath.encode() + hashlib.sha256(encoded).digest()
And (@haj) I wanted to mix binary and non-binary strings like they do in message. I ended up with:
my $postdata = Encode::encode('UTF-8', "x=1&y=2&z=greektext"); # for e +xample, my $p1 = "$nonsense".'&'.$postdata; # yes & needed my $p1_utf8 = Encode::encode_utf8($p1); my $api_sha256 = Digest::SHA::sha256($p1_utf8); my $message = Encode::encode_utf8($api_path) . Encode::encode_utf8($api_method) . $api_sha256; #<< last one is binary # ... and post after some more massaging
bw, bliako