I'm trying to generate the correct response to a websocket connect. The websocket connect is: GET /chat HTTP/1.1 Host: example.com:8000 Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ=Sec-WebSocket-Version: 13 So I take the Sec-WebSocket-Key above and add the extra part and put that in /tmp/sha1 dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11 I then run sha1sum /tmp/sha1 and it gives: 05082898ab78f6da9c1ad2587b8012cd0cf52172 I put that in a file /tmp/base64 and run base64 /tmp/base64 The result of that is: MDUwODI4OThhYjc4ZjZkYTljMWFkMjU4N2I4MDEyY2QwY2Y1MjE3Mgo Which is not correct. Its supposed to be s3pPLMBiTxaQ9kYGzzhZRbK+xOo What am I not doing correct? Thanks, Jerry
I finally found it.
echo -n ${key}258EAFA5-E914-47DA-95CA-C5AB0DC85B11|openssl dgst -sha1
-binary|base64
Thanks,
Jerry
Jerry Geis wrote:> I finally found it. > > echo -n ${key}258EAFA5-E914-47DA-95CA-C5AB0DC85B11|openssl dgst -sha1 > -binary|base64 >Are you *required* to use SHA1? I believe it's either deprecated, or about to be. Certainly, just last week I saw a report of researchers breaking it. mark "or was that 'breaking it again'?"