generated config key does not match hash send by browser

[Hanan11240]

i wanted to create config seb file on my server and to check for manipulation of file i wanted to generate a config key as is written in documentation. The generated file looks like this
`

originatorVersion SEB_Win_3.7.0 allowAudioCapture allowPDFReaderToolbar allowSpellCheck

<key>allowVideoCapture</key>
<true />
<key>audioControlEnabled</key>
<true />

<key>downloadPDFFiles</key>
<true />
<key>enableZoomPage</key>
<true />

<key>enableZoomText</key>
<true />


<key>sendBrowserExamKey</key>
<true />

<key>showTaskBar</key>
<true />
<key>showTime</key>
<true />
<key>startURL</key>
<string>http://localhost:4200/exam/signin-quiz?quizId=6663e90158a6566bd261568e</string>

` and for generating hash my is code as follows

const jsonObject = { "allowAudioCapture": true, "allowPDFReaderToolbar": true, "allowSpellCheck": true, "allowVideoCapture": true, "audioControlEnabled": true, "downloadPDFFiles": false, "enableZoomPage": true, "enableZoomText": true, "sendBrowserExamKey": true, "showTaskBar": true, "showTime": true, "startURL": 'http://localhost:4200/exam/signin-quiz?quizId=6663e90158a6566bd261568e' }

const sebJsonString = JSON.stringify(jsonObject).replace(' ', ''); const hashedValue =generateSHA256Hash(sebJsonString); const urlAnhHashtoCal = 'http://localhost:4200/exam/signin-quiz?quizId=6663e90158a6566bd261568e' + hashedValue; const urlAndHash = generateSHA256Hash(urlAnhHashtoCal)

for testing i have hard coded values here. Even though this object matches the configuration of file it still generates different hash that is send by browser . i am using crypto for generating hash

`export function generateSHA256Hash(value): string {
return crypto.createHash('sha256').update(value).digest('hex');
}

`

BrowserHash: 1f1b7e45a3963f5dca61acd02c2eda7c2f41141998e2611d17178ec7d333eb2c,
code generated hash:
05d6f8ed80786fd25d5618f8eb7d9f0c1ef14864ccf7d66ff05954a1dd4ce64b

[dbuechel]

All required information can be found on our website, see https://safeexambrowser.org/developer/seb-config-key.html.

[Hanan11240]

i have done exact same steps showed on your site, but still my code generates different hash than browser. If you could check below code and see if i am missing any steps or am i doing something wrong in it.

const jsonObject = { "allowAudioCapture": true, "allowPDFReaderToolbar": true, "allowSpellCheck": true, "allowVideoCapture": true, "audioControlEnabled": true, "downloadPDFFiles": false, "enableZoomPage": true, "enableZoomText": true, "sendBrowserExamKey": true, "showTaskBar": true, "showTime": true, "startURL": 'http://localhost:4200/exam/signin-quiz?quizId=6663e90158a6566bd261568e' }

const sebJsonString = JSON.stringify(jsonObject).replace(' ', '');

const hashedValue =generateSHA256Hash(sebJsonString);

const urlAnhHashtoCal = 'http://localhost:4200/exam/signin-quiz?quizId=6663e90158a6566bd261568e' + hashedValue;

const urlAndHash = generateSHA256Hash(urlAnhHashtoCal)

export function generateSHA256Hash(value): string { return crypto.createHash('sha256').update(value).digest('hex'); }

[dbuechel]

Your JSON object uses single quotes for the start URL, which might be an issue; I also do not know whether JSON.stringify(...) produces the exact same string as required by our specification.

[Hanan11240]

{"allowAudioCapture":true,"allowPDFReaderToolbar":true,"allowSpellCheck":true,"allowVideoCapture":true,"audioControlEnabled":true,"downloadPDFFiles":false,"enableZoomPage":true,"enableZoomText":true,"sendBrowserExamKey":true,"showTaskBar":true,"showTime":true,"startURL":"http://localhost:4200/exam/signin-quiz?quizId=6663e90158a6566bd261568e"}

this is the string created by strigify and i had also used double quotes earlier but was having same issue

[dbuechel]

The implementation for Windows may serve as a reference and can be found here: https://github.com/SafeExamBrowser/seb-win-refactoring/blob/master/SafeExamBrowser.Configuration/ConfigurationData/DataProcessor.cs#L44.

[jim-craane]

I had troubles generating the correct hash because of this part of the documentation:

When reading this sentence I assumed ConcatedString = ConfigKey + RequestUrl, but it's the other way around.

After some hours trying and reading other blogs and this part of the documentation, I figured it out.

Maybe an idea to explicitly define the order in the documentation to be more clear?