Payload contains an HMAC tag as well as a nonce for AES. Client-side printing the tag and nonce result in (for example):
#tag: b'=x\x9d{_0\xf9;c8\x94inc]\xb1'
#nonce: b'\x1f\xf4\xbe\xcc\xf2\x84f\xf2*\x8dP\x16\xc8\x02\xfe\xbe'
requests.post(url, data=payload, headers={"Content-Type": "application/octet-stream"}, verify="myShnazzyCertificate.pem")
Server-side, my flask api route receives a tag and nonce that have evidently been urlencoded:
data = flask.request.data
## stuff happens here, then -> print("tag: ", tag); print("nonce: ", nonce)
#tag: b'%3Dx%9D%7B_0%F9%3Bc8%94inc%5D%B1'
#nonce: b'%1F%F4%BE%CC%F2%84f%F2%2A%8DP%16%C8%02%FE%BE'
How do I remove the urlencoding (or prevent it from happening?) while keeping the tag and nonce as bytecode? I tried:
tag = tag.replace(b"%", bytes(r"\x".encode("utf-8")))
nonce = nonce.replace(b"%", bytes(r"\x".encode("utf-8")))
But HMAC verification failed since the tag has "{" and the nonce has "*" which also got encoded, so I'd need something more exhaustive.
Although there may be a way to use "Content-Type": "application/octet-stream" to send binary parameters, I've always considered it to be intended for files.
I suggest not sending binary params via HTTP (a "text protocol") by converting the binary to url-safe text and back, e.g. base64