I want to use Digest::MD5 on ruby like a java code.
This is the java code:
public static String MD5Encode(String input, String salt) {
try {
MessageDigest messageDigest = MessageDigest.getInstance("MD5");
byte[] hash = null;
try {
messageDigest.update(salt.getBytes("UTF-8"));
messageDigest.update(input.getBytes("UTF-8"));
hash = messageDigest.digest();
} catch (UnsupportedEncodingException exception) {
logger.error("MD5Encoder:Encode:" + exception.toString());
}
if (hash != null) {
StringBuilder output = new StringBuilder(2 * hash.length);
for (byte b : hash) {
output.append(String.format("%02x", b & 0xff));
}
return output.toString();
}
} catch (NoSuchAlgorithmException exception) {
logger.error("MD5Encoder:Encode:" + exception.toString());
}
return null;
}
and this is the ruby code, but the result is not right:
(the input variable in java is the password variable on ruby, and the salt variable is the same on both)
salt = SecureRandom.hex
if (params[:gamestate_password] != "")
password = Digest::MD5.hexdigest(params[:gamestate_password] + salt)
user_query = "UPDATE user_v54 SET password= '#{password}', passwordSalt= '#{salt}' WHERE userId='#{params[:userId]}'"
end
You should put the salt in ruby the same order as in java (in front of password):
password = Digest::MD5.hexdigest(salt + params[:gamestate_password])
Related
I am trying to encrypt the otp in php. i have the java code that encrypt the otp and when i send that encrypted otp it decrypt at client end as expected. but when i encrypt it using php, decryption does not work.
Actual Java Encryption:
public static final String appKey = "wbx+mGnapzZMietP0gK6muJb/vUU7jnAk9Fe5gTHh4w=";
public static String encryptEK(byte[] plainText, byte[] secret){
try{
SecretKeySpec sk = new SecretKeySpec(secret, AES_ALGORITHM);
ENCRYPT_CIPHER.init(Cipher.ENCRYPT_MODE, sk);
return Base64.encodeBase64String(ENCRYPT_CIPHER.doFinal(plainText));
}catch(Exception e){
e.printStackTrace();
return "";
}
}
public static String encryptOTP(String otp)
{
String encryptedOtp = null;
try {
encryptedOtp = encryptEK(otp.getBytes(),decodeBase64StringTOByte(appKey));
} catch (Exception e) {
e.printStackTrace();
}
return encryptedOtp;
}
encryptOTP("251826")
Current PhP encryption.
class AtomAES {
public function encrypt_aps_secret($data = '', $key = NULL) {
if($key != NULL && $data != ""){
$method = "AES-256-ECB";
$encrypted = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA);
$result = base64_encode($encrypted);
return $result;
}else{
return "String to encrypt, Key is required.";
}
}
}
$appKey = mb_convert_encoding("wbx+mGnapzZMietP0gK6muJb/vUU7jnAk9Fe5gTHh4w=", "UTF-8");
$enc_otp = $atomAES->encrypt_aps_secret("251826", base64_decode(base64_encode($appKey)));
print_r(json_encode(array("enc_otp"=>mb_convert_encoding($enc_otp, "UTF-8"))));
I need the exact encryption as java does using php. how to achieve this
base64_decode(base64_encode($appKey))
I believe you use the key in php as string bytes, not as a decoded byte array, try following
base64_decode($appKey)
It is at least what meets the eye. Still there are other assumptions, such as we can only assume ENCRYPT_CIPHER is AES/ECB/PKCS5Padding, as well you should create a new Cipher instance every time, as the ENCRYPT_CIPHER may not be thread-safe
On the hash example it displays the output in the console. How can I implement this into my application so that it will hash the text input then display the hash where it says "hash to appear here!!"
Using your own example, create an Utility Hashing class, with a static method like this...
public class MD5Util {
private static final String ALGORITHM = "MD5";
public static String getHash(String text){
try {
MessageDigest md = MessageDigest.getInstance(ALGORITHM);
md.update(text.getBytes());
byte[] byteData = md.digest();
StringBuffer hexString = new StringBuffer();
for(byte bd : byteData){
String hex = Integer.toHexString(bd & 0xff);
if(hex.length() == 1)
hexString.append(0);
hexString.append(hex);
}
return hexString.toString();
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(MD5Util.class.getName()).log(Level.SEVERE, null, ex);
}
return null;
}
}
Then, call that static method and set the result into the Label field, like this...
hashValueLabel.setText(MD5Util.getHash(textInputLabel.getText()));
I can simply hash in PHP with a salt:
$orig_pw = "abcd";
$salt = 5f8f041b75042e56;
$password = hash('sha256', $orig_pw . $salt);
(This is not how I implement it, this is just an example. Salt is different for everyone)
And with this, the stored password is:
bc20a09bc9b3d3e1fecf0ed5742769726c93573d4133dbd91e2d309155fa9929
But if I try to do the same in Java, I get a different result. I tried String password = "abcd";
byte[] salt = hexStringToByteArray("5f8f041b75042e56");
try {
System.out.println(new String(getHash(password, salt)));
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
}
And the two methods:
public byte[] getHash(String password, byte[] salt) throws NoSuchAlgorithmException {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
digest.reset();
digest.update(salt);
try {
return digest.digest(password.getBytes("UTF-8"));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return null;
}
public byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i+1), 16));
}
return data;
}
The result is:
/¬1¶ĆĽëüFd?[$?¶»_9ËZ»ç¶S‘Ęŗש
Which coded to hex is not even close to it:
2fac31b6434c14ebfc46643f5b243fb6bb5f39cb5abb10e7b65391454c97d7a90d0a
Can anyone help with this?
Apart from the order being swapped, it looks like in PHP you're treating the salt value as a literal string to be appended to the password, while in Java you do a hex conversion of the salt first and then use the resulting bytes to update the MessageDigest. This will obviously yield different results. Looking only at the salt:
PHP: Salt -> To bytes (literal) -> SHA-256
Java: Salt -> To bytes (unhex) -> SHA-256
I just tried your Java code, and it's absolutely fine. I also tried to hash the same value in PHP as in Java and it gave me identical results.
The Java equivalent to your PHP code would be:
String password = "abcd";
String salt = "5f8f041b75042e56";
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
return digest.digest((password + salt).getBytes("UTF-8"));
} catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
return null;
}
After hexing the bytes it returns the following result:
60359BC8A0B09898335AA5A037B1E1B9CE3A1FE0D4CEF13514901FB32F3BCEB0
And in PHP doing:
<?
echo hash('sha256', "abcd"."5f8f041b75042e56");
?>
Returns exactly the same.
I think
digest.update(salt);
digest.digest(password.getBytes("UTF-8"));
is equivalent to:
hash('sha256', $salt . $orig_pw);
So the hash and salt are swapped. Can you confirm this?
I am porting part of an iOS app to Android, and I'm having trouble porting the following signature generating code in iOS to Android. The iOS code is:
+ (NSString *)hashedBase64ValueOfData:(NSString *) data WithSecretKey:(NSString*)secret {
// ascii convirsion
const char *cKey = [secret cStringUsingEncoding:NSASCIIStringEncoding];
const char *cData = [data cStringUsingEncoding:NSASCIIStringEncoding];
// HMAC Data structure initializtion
unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH];
CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), cData, strlen(cData), cHMAC);
// Gerating hased value
NSData *da = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)];
return [da base64EncodedString];// conversion to base64 string & returns
}
The Android Java code I have written and tried is:
private static String hashedBase64ValueOfDataWithSecretKey(String data, String secret) {
try {
SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes(), HMAC_SHA1_ALGORITHM);
Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
mac.init(signingKey);
byte[] rawHmac = mac.doFinal(data.getBytes());
return Base64.encodeToString(rawHmac, 0);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
Upon testing, the Android function is not outputting the same thing as the iOS function (given the same input), and I'm not sure why.
Not an expert at this, but NSASCIIStringEncoding seems to imply that you want data and secret interpreted as ASCII, whereas String.getBytes() uses the default character set by default (i.e. UTF-8).
You probably need to use a different charset:
data.getBytes(StandardCharsets.US_ASCII);
secret.getBytes(StandardCharsets.US_ASCII);
For Java pre-1.7, you'll need to use this and catch the UnsupportedEncodingException:
data.getBytes("US-ASCII");
secret.getBytes("US-ASCII");
You might use extras org.apache.commons.codec.binary.Base64. Google it and find it, then you can fellow the codes below. I think the hashed value will be generated by "private key" and appended behind a "public key" being sent to server with a "http-head" together. If no, you can just remove them. Anyway the codes might give you some suggestions. :)
private String getAppendedHeader(String str) {
try {
String hash = getHash(str);
String signature = new String(Base64.encodeBase64(hash.getBytes()));
StringBuilder sb = new StringBuilder();
sb.append(PUBLIC_KEY).append(' ').append(signature);
return sb.toString();
} catch (NoSuchAlgorithmException _e) {
LL.e("Get mac error: " + _e.getMessage());
return null;
} catch (InvalidKeyException _e) {
LL.e("Init mac error: " + _e.getMessage());
return null;
}
}
private String getHash(String str) throws NoSuchAlgorithmException, InvalidKeyException {
Mac mac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret = new SecretKeySpec(PRIVATE_KEY.getBytes(), "HmacSHA256");
mac.init(secret);
byte[] digest = mac.doFinal(str.getBytes());
BigInteger hash = new BigInteger(1, digest);
String hmac = hash.toString(16);
if (hmac.length() % 2 != 0) {
hmac = "0" + hmac;
}
return hmac;
}
I am trying to create a signature using the HMAC-SHA256 algorithm and this is my code.
I am using US ASCII encoding.
final Charset asciiCs = Charset.forName("US-ASCII");
final Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
final SecretKeySpec secret_key = new javax.crypto.spec.SecretKeySpec(asciiCs.encode("key").array(), "HmacSHA256");
sha256_HMAC.init(secret_key);
final byte[] mac_data = sha256_HMAC.doFinal(asciiCs.encode("The quick brown fox jumps over the lazy dog").array());
String result = "";
for (final byte element : mac_data)
{
result += Integer.toString((element & 0xff) + 0x100, 16).substring(1);
}
System.out.println("Result:[" + result + "]");
The result that I am getting from the above code is:
f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8
This is same as to that of shown in the wiki
HMAC_SHA256("key", "The quick brown fox jumps over the lazy dog") = 0x f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8
except for the 0x.
I am looking for ideas/comments if I am doing everything right or may be I can improve my code.
Here is my solution:
public static String encode(String key, String data) throws Exception {
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA256");
sha256_HMAC.init(secret_key);
return Hex.encodeHexString(sha256_HMAC.doFinal(data.getBytes("UTF-8")));
}
public static void main(String [] args) throws Exception {
System.out.println(encode("key", "The quick brown fox jumps over the lazy dog"));
}
Or you can return the hash encoded in Base64:
Base64.encodeBase64String(sha256_HMAC.doFinal(data.getBytes("UTF-8")));
The output in hex is as expected:
f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8
The 0x just denotes that the characters after it represent a hex string.
0x1A == 1Ah == 26 == 1A
So the 0x is just to clarify what format the output is in, no need to worry about it.
If you're using Guava, its latest release now lets you use
Hashing.hmacSha256()
One example of using this:
String hash = Hashing.hmacSha256("mykey".getBytes(StandardCharsets.UTF_8)).hashString("my_message", StandardCharsets.UTF_8).toString()
Further documentation here: https://guava.dev/releases/23.0/api/docs/com/google/common/hash/Hashing.html#hmacSha256-byte:A-
The answer that you got there is correct. One minor thing in the code above, you need to init(key) before you can call doFinal()
final Charset charSet = Charset.forName("US-ASCII");
final Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
final SecretKeySpec secret_key = new javax.crypto.spec.SecretKeySpec(charSet.encode("key").array(), "HmacSHA256");
try {
sha256_HMAC.init(secret_key);
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
...
This is working fine for me
I have add dependency
compile 'commons-codec:commons-codec:1.9'
ref: http://mvnrepository.com/artifact/commons-codec/commons-codec/1.9
my function
public String encode(String key, String data) {
try {
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
sha256_HMAC.init(secret_key);
return Hex.encodeHexString(sha256_HMAC.doFinal(data.getBytes(StandardCharsets.UTF_8)));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return null;
}
Try this
Sorry for being late, I have tried all above answers but none of them is giving me correct value, After doing the lot of R&D I have found a simple way that gives me exact value.
Declare this method in your class
private String hmacSha(String KEY, String VALUE, String SHA_TYPE) {
try {
SecretKeySpec signingKey = new SecretKeySpec(KEY.getBytes("UTF-8"), SHA_TYPE);
Mac mac = Mac.getInstance(SHA_TYPE);
mac.init(signingKey);
byte[] rawHmac = mac.doFinal(VALUE.getBytes("UTF-8"));
byte[] hexArray = {(byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f'};
byte[] hexChars = new byte[rawHmac.length * 2];
for ( int j = 0; j < rawHmac.length; j++ ) {
int v = rawHmac[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
catch (Exception ex) {
throw new RuntimeException(ex);
}
}
Use this like
Log.e("TAG", "onCreate: "+hmacSha("key","text","HmacSHA256"));
Verification
1.Android studio output
2. Online HMAC generator Output(Visit here for Online Genrator)
Java simple code to generate encoded(HMAC-x) signatures. (Tried using Java-8 and Eclipse)
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import com.sun.org.apache.xml.internal.security.utils.Base64;
/**
* Encryption class to show how to generate encoded(HMAC-x) signatures.
*
*/
public class Encryption {
public static void main(String args[]) {
String message = "This is my message.";
String key = "your_key";
String algorithm = "HmacMD5"; // OPTIONS= HmacSHA512, HmacSHA256, HmacSHA1, HmacMD5
try {
// 1. Get an algorithm instance.
Mac sha256_hmac = Mac.getInstance(algorithm);
// 2. Create secret key.
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), algorithm);
// 3. Assign secret key algorithm.
sha256_hmac.init(secret_key);
// 4. Generate Base64 encoded cipher string.
String hash = Base64.encode(sha256_hmac.doFinal(message.getBytes("UTF-8")));
// You can use any other encoding format to get hash text in that encoding.
System.out.println(hash);
/**
* Here are the outputs for given algorithms:-
*
* HmacMD5 = hpytHW6XebJ/hNyJeX/A2w==
* HmacSHA1 = CZbtauhnzKs+UkBmdC1ssoEqdOw=
* HmacSHA256 =gCZJBUrp45o+Z5REzMwyJrdbRj8Rvfoy33ULZ1bySXM=
* HmacSHA512 = OAqi5yEbt2lkwDuFlO6/4UU6XmU2JEDuZn6+1pY4xLAq/JJGSNfSy1if499coG1K2Nqz/yyAMKPIx9C91uLj+w==
*/
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
}
}
}
NOTE: You can use any other Algorithms and can try generating HmacMD5, HmacSHA1, HmacSHA256, HmacSHA512 signatures.
If but any chance you found a solution how to calculate HMAC-SHA256 here, but you're getting an exception like this one:
java.lang.NoSuchMethodError: No static method
encodeHexString([B)Ljava/lang/String; in class
Lorg/apache/commons/codec/binary/Hex; or its super classes
(declaration of 'org.apache.commons.codec.binary.Hex' appears in
/system/framework/org.apache.http.legacy.boot.jar)
Then use:
public static String encode(String key, String data) {
try {
Mac hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA256");
hmac.init(secret_key);
return new String(Hex.encodeHex(hmac.doFinal(data.getBytes("UTF-8"))));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Here is my solution:
public String HMAC_SHA256(String secret, String message)
{
String hash="";
try{
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key);
hash = Base64.encodeToString(sha256_HMAC.doFinal(message.getBytes()), Base64.DEFAULT);
}catch (Exception e)
{
}
return hash.trim();
}