Hello,
I am currently working on setting up a Vault (Community Edition) server, which my company would like to use to generate HMAC values.
For this I had set up a test server with the Transit secrets engine enabled, then imported a key into it. The server is currently running on a Raspberry Pi 4 and outside of dev mode. For test purposes TLS is disabled since the server is only available internally in the company's network.
I tested sending a request for HMAC generation using a Python script. An example script using test data can be seen below. This script is both sending a request to Vault to generate an HMAC and generating one by using Python's hmac and hashlib modules. Both generations are based on the same test input (a binary type object, which gets converted for Vault) and are using the SHA1 algorithm.
However, as shown here (uploaded screenshot), the results are different. For my company's purposes the output from Vault would need to be the same as Python's output.
I already tried examining Vault's logs (both server logs on debug level and audit logs), where I didn’t find any hints on this problem. I also tried using Vault's debug command, but I don’t have enough experience with Vault to be able to use it properly.
Therefore I wanted to ask you if you could assist me in this problem and if you might have an idea what the reasons for these differences in the results could be.
Best regards,
Tim Lange
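
Added example, not part of the original post and not the poster's script: a helper for the comparison described above that reduces both sides to raw digest bytes before comparing, so differences in text encoding are ruled out first. It assumes Transit takes its `input` base64-encoded and returns the HMAC as `vault:v<key version>:<base64 digest>`; the key, message and "Vault" response are constructed sample values and no server is contacted.

```python
import base64
import hashlib
import hmac

# Constructed sample values (assumptions for illustration only).
KEY = b"constructed-test-key"
MESSAGE = b"\x00\x01binary test input"


def local_hmac_sha1(key, message):
    """Raw 20-byte HMAC-SHA1 digest, as Python's hmac module computes it."""
    return hmac.new(key, message, hashlib.sha1).digest()


def transit_input(message):
    """Base64 text of the message, as placed in the request's "input" field."""
    return base64.b64encode(message).decode("ascii")


def parse_transit_hmac(value):
    """Split 'vault:v<N>:<base64>' into (key version, raw digest bytes)."""
    prefix, version, encoded = value.split(":", 2)
    if prefix != "vault" or not version.startswith("v"):
        raise ValueError("unexpected Transit HMAC format: %r" % value)
    return int(version[1:]), base64.b64decode(encoded, validate=True)


def matches_local(vault_value, key, message):
    """True only if the decoded Transit digest equals the local digest."""
    _, raw = parse_transit_hmac(vault_value)
    return hmac.compare_digest(raw, local_hmac_sha1(key, message))


def constructed_response(key, message, version=1):
    """Build a Transit-shaped string locally (stand-in for a real response)."""
    digest = base64.b64encode(local_hmac_sha1(key, message)).decode("ascii")
    return "vault:v%d:%s" % (version, digest)


if __name__ == "__main__":
    sample = constructed_response(KEY, MESSAGE)
    print("request input :", transit_input(MESSAGE))
    print("transit form  :", sample)
    print("python hex    :", local_hmac_sha1(KEY, MESSAGE).hex())
    # Same key and message: equal once both are raw bytes.
    print("same key      :", matches_local(sample, KEY, MESSAGE))
    # Digest produced under different key material: still unequal.
    other = constructed_response(b"different-key", MESSAGE)
    print("different key :", matches_local(other, KEY, MESSAGE))
```

If the decoded bytes still differ for a real response, the mismatch is not an encoding issue, and the key material and the exact input bytes on each side are the next things to compare.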