http - generate "Sec-WebSocket-Accept" from "Sec-WebSocket-Key"

Question

I'm following rfc6455:

Concretely, if as in the example above, the |Sec-WebSocket-Key|
header field had the value "dGhlIHNhbXBsZSBub25jZQ==", the server
would concatenate the string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
to form the string "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-
C5AB0DC85B11". The server would then take the SHA-1 hash of this,
giving the value 0xb3 0x7a 0x4f 0x2c 0xc0 0x62 0x4f 0x16 0x90 0xf6
0x46 0x06 0xcf 0x38 0x59 0x45 0xb2 0xbe 0xc4 0xea. This value is
then base64-encoded (see Section 4 of [RFC4648]), to give the value
"s3pPLMBiTxaQ9kYGzzhZRbK+xOo=". This value would then be echoed in
the |Sec-WebSocket-Accept| header field.

and fail to generate the correct "Sec-WebSocket-Accept".

In order to understand the process I'm using online SHA1 hash and Base64 Encode.

The online SHA1 hash for "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11" give the correct result: "b37a4f2cc0624f1690f64606cf385945b2bec4ea" as described in rfc6455.

But The online Base64 Encode give me the wrong results "YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==" for input "b37a4f2cc0624f1690f64606cf385945b2bec4ea". The result should be "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="

What am I doing wrong?

Answer 1

You need to base64-encode the raw sha1 digest.
You are encoding the hexadecimal string representation of the digest which is double the length.

Online tools work with text and don't work with raw binary data, that's why you are getting wrong results.

Python example:

import hashlib, base64
h = hashlib.sha1("dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
print "hexdigest:", h.hexdigest() # hexadecimal string representation of the digest
print "digest:", h.digest() # raw binary digest
print
print "wrong result:", base64.b64encode(h.hexdigest())
print "right result:", base64.b64encode(h.digest())

This prints:

hexdigest: b37a4f2cc0624f1690f64606cf385945b2bec4ea
digest: ?zO,àbO??F?8YE???ê

wrong result: YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==
right result: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=