I have a sample application which generates a SHA1 hash in PHP as follows.
base64_encode(pack('H*', sha1($pass)));
I tried to achieve the same in Java, but so far, the output is different. The approach I used is as follows (Base64 and Hex classes come from commons-codec library).
byte[] rawSHA = null;
byte[] base64HexSHA = null;
String hex = null;
MessageDigest md= null;
// Get Message Digest Instance.
try {
md = MessageDigest.getInstance(SHA1_ALGORITHM);
} catch (NoSuchAlgorithmException e) {
LOG.error("Unable to load SHA-1 Message Digest : " + e.getMessage(), e);
throw new IllegalStateException("SHA-1 Message Digest Instance Not Found");
}
// Build SHA1 Hash
rawSHA = md.digest(rawText.getBytes("UTF-8"));
// Convert to HEX
hex = new String(Hex.encodeHex(rawSHA));
// Encode to Base 64
base64HexSHA = Base64.encodeBase64(hex.getBytes("UTF-8"));
// Return String
return new String(base64HexSHA);
My question is, would the approach I have taken yield the same output as PHP's pack() function? My guess is that PHP pack() function returns the raw bytes where as the Hex.encodeHex returns hex string form (ref : http://www.w3schools.com/php/func_misc_pack.asp).
How can I achieve the same output as PHP's pack() function in Java (or the full output of the above PHP code) ?
Convertion to HEX is not required, just use this:
base64HexSHA = Base64.encodeBase64(rawSHA);
Related
I'm just starting to learn Go and I'm trying to rewrite my existing small application from Java to Go.
I need to create Base64 hash of input string with key using Hmac SHA1 algorithm.
My Java code:
private String getSignedBody(String input, String key) {
String result = "";
try {
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(signingKey);
byte[] rawHmac = mac.doFinal(input.getBytes("UTF-8"));
result = Base64.encodeToString(rawHmac, false);
} catch (Exception e) {
Logger.error("Failed to generate signature: " + e.getMessage());
}
return result;
}
My Go code:
func GetSignature(input, key string) string {
key_for_sign := []byte(key)
h := hmac.New(sha1.New, key_for_sign)
h.Write([]byte(input))
return base64.StdEncoding.EncodeToString(h.Sum(nil))
}
The problem is that Go code generates output that is not expected. For example, for input string "qwerty" and key "key" Java output will be RiD1vimxoaouU3VB1sVmchwhfhg= and Go output will be 9Cuw7rAY671Fl65yE3EexgdghD8=.
Where did I make mistakes in the Go code?
The Go code you provided gives exactly the same output as the Java code.
Try it on the Go Playground.
Output:
RiD1vimxoaouU3VB1sVmchwhfhg=
You made the mistake when you called your GetSignature() function. Call it like the linked example code:
fmt.Println(GetSignature("qwerty", "key"))
Your mistake was that you passed an empty input to your GetSignature() function. Calling it with empty "" input and "key" key produces the non-expected output you provided:
fmt.Println(GetSignature("", "key"))
Output:
9Cuw7rAY671Fl65yE3EexgdghD8=
I have java program which calculates SHA-256 checksum as follows. For example, if I provide the input abcd123ABCD00-4000 it outputs 0QtyIu4B+lU+TLqM/zfJz5ULVpyXgfLRs5mKXCQvbHM= . It also matches the online check sum calculator.
However the PHP code I used won't match it.
PHP code :
$s = 'abcd123ABCD00-4000';
$signature = base64_encode(hash_hmac("sha256", $s, True));
print base64_encode($signature);
Output : TWpRM1pEWXpaVFl4TURoallqTXdPRFV6WVRrNU5XVTRNRGxoWkRJMU1XWTVNREk1TnpBeU4ySXhaR0psTW1ZMk16Y3hPRE01WldFelkySXhOalJrWXc9PQ==
Java Code :
private static String getSHA256Hash(String text) {
String hash = null;
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-256");
md.update(text.getBytes("UTF-8"));
byte[] shaDig = md.digest();
// hash = Hex.encodeHexString(shaDig);
hash = Base64.encodeBase64String(shaDig);
} catch (NoSuchAlgorithmException ex) {
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return hash;
}
Output : 0QtyIu4B+lU+TLqM/zfJz5ULVpyXgfLRs5mKXCQvbHM=
Here what I want is to get the equivalent result in PHP (i.e to change PHP code to match result of the Java program[ I won't able to change the Java code ]. Any help is appreciated
If you use hash() and base64 encode once you get the same result.
$s = 'abcd123ABCD00-4000';
$signature = base64_encode(hash("sha256", $s, True));
print $signature; // 0QtyIu4B+lU+TLqM/zfJz5ULVpyXgfLRs5mKXCQvbHM=
I need to encode a string in md5 and then it's bytes to 2 chars hex encoding.
I've got this short JAVA snippets and need to convert it into PHP.
// Condensed the message and do MD5
try {
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] data = cleartext.getBytes(ENCODING);
md.update(data);
byte[] digestedByteArray = md.digest();
// Convert digested bytes to 2 chars Hex Encoding
md5String = HexUtils.bytesToHex(digestedByteArray);
} catch (NoSuchAlgorithmException ns) {
ns.printStackTrace();
} catch (UnsupportedEncodingException ex) {
ex.printStackTrace();
}
I'm not quite sure how to achieve this in PHP. ENCODING is UTF-8
What I have in PHP is
$md5String = md5($clearText);
$hexString = "";
for($i = 0; $i < strlen($md5String); $i++) {
$hexString .= dechex(ord($md5String[$i]));
}
But the output is different, so I think I'm failing on the hex conversion.
So what's the proper port of this JAVA snippet to PHP?
The output of md5 is already a hex-encoded string, so there is nothing else you need to do (as long as you don't set the optional second parameter to true).
$hexString = md5($clearText);
I'm trying to hash a message to a server side (which I can't change his code) written in php and encoded by HMAC_SHA1 algorithm. I'm writing the code in Java.
the php code is as follows:
$utf8Str = mb_convert_encoding($strToSign, "UTF-8");
$hmac_sha1_str = base64_encode(hash_hmac("sha1", $utf8Str, KEY));
$signature = urlencode($hmac_sha1_str);
my java code is:
private static String HashStringSign(String toHash){
try {
String afterUTF = new String(toHash.getBytes(), "UTF-8");
String res = hmac_sha1(afterUTF, SecretAccessKey);
String signature = new String(Base64.encode(res.getBytes()));
String result = URLEncoder.encode(signature);
return result;
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
}
private static String hmac_sha1(String value, String key) {
try {
// Get an hmac_sha1 key from the raw key bytes
byte[] keyBytes = key.getBytes();
SecretKeySpec signingKey = new SecretKeySpec(keyBytes, "HmacSHA1");
// Get an hmac_sha1 Mac instance and initialize with the signing key
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(signingKey);
// Compute the hmac on input data bytes
byte[] rawHmac = mac.doFinal(value.getBytes());
// Convert raw bytes to Hex
byte[] hexBytes = new Hex().encode(rawHmac);
return new String(hexBytes, "UTF-8");
} catch (Exception e) {
throw new RuntimeException(e);
}
}
I followed each of the hashing methods used in the php code and in the same order as you can see. maybe there's a function(s) in java that works different in php?
I'm using - com.sun.org.apache.xml.internal.security.utils.Base64
java.net.URLEncoder, javax.crypto and org.apache.commons.codec.binary
Thanks!
In your hash_hmac function you need to set the 4th parameter to true.
PHP Code not responsible, Java only:
So now you say that you can't change the PHP side, you can do the following to your Java code.
In your last step of the Java code, you converted the raw byte array to hexademical. However, PHP generates a base64-encoded hexademical instead of just hexademical.
So that the end of your Java step, simply base64 encode your hexademical and you will get the same values. https://stackoverflow.com/questions/9845767/base64-encoder-java#
I find myself in a need to change website platforms from Java to PHP but I'd like to keep all my user's passwords...
I had this code do the password hashing prior to writting the hashed value as the password to the website:
MessageDigest md = null;
md = MessageDigest.getInstance("SHA");
md.update(plaintext.getBytes("UTF-8"));
byte raw[] = md.digest();
hash = new Base64().encodeToString(raw).replaceAll("\n", "").replaceAll("\r", "");
I think the Java code did SHA-1 hashing of the password but just prior to that it was byte encoded to UTF-8 and afterwards it was Base64 encoded.
I'd like to have a PHP code do the same, i.e. return the same value of a hash for the same password as in Java, only it seems that the PHP code doing SHA-1 hashing I have won't return the same SHA(-1, not Base64 encoded, I think?) value when compared to a Java Base64 decoded value of the hash...could it have something to do with the fact that my passwords in PHP are not UTF-8 byte encoded first (and how can I do that in PHP) please?
p.s.
Another strange thing...my passwords in Java are all 28characters long (usually something like this rnwn4zTNgH30l4pP8V05lRVGmF4=)...but the Base64().decode(hash) value of those password hashes is 10 characters long (an example [B#14e1f2b).
I thought Base64 did an additional 1 character to each 3 charters (28 or 27, excluding the padding = charter, is much more that a third larger than those 10 charcters) so am I doing the decoding call wrong somehow maybe???
And on top of all that the SHA-1 password hashed values in PHP are 40 characters long (in a UTF-8 mysql database) like so dd94709528bb1c83d08f3088d4043f4742891f4f?
[B#14e1f2b is definitely not a hash. It's a result of implicit conversion from byte[] to String.
It looks like you do something like this:
String decodedHash = Base64().decode(hash); // Produces [B#14e1f2b
However, the correct representation of the hash is a byte array:
byte[] decodedHash = Base64().decode(hash);
What I normally do with Java to compute a SHA-1 hash that is exactly identical to the PHP sha1() function is the following. The key is that toHexString is used to show the raw bytes in a printable way. If you use the PHP function and want to obtain the same result of your convoluted process, you need to use the parameter $raw_output to true in PHP to get the raw bytes and apply Base64. Full source code.
/**
* Compute a SHA-1 hash of a String argument
*
* #param arg the UTF-8 String to encode
* #return the sha1 hash as a string.
*/
public static String computeSha1OfString(String arg) {
try {
return computeSha1OfByteArray(arg.getBytes(("UTF-8")));
} catch (UnsupportedEncodingException ex) {
throw new UnsupportedOperationException(ex);
}
}
private static String computeSha1OfByteArray(byte[] arg) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(arg);
byte[] res = md.digest();
return toHexString(res);
} catch (NoSuchAlgorithmException ex) {
throw new UnsupportedOperationException(ex);
}
}
private static String toHexString(byte[] v) {
StringBuilder sb = new StringBuilder(v.length * 2);
for (int i = 0; i < v.length; i++) {
int b = v[i] & 0xFF;
sb.append(HEX_DIGITS.charAt(b >>> 4)).append(HEX_DIGITS.charAt(b & 0xF));
}
return sb.toString();
}
PHP's sha1() encodes each byte of the output as hexadecimal by default, but you can get the raw output by passing true as the second argument:
$digest = sha1($password, true); // This returns the same string of bytes as md.digest()
Then pass the digest to base64_encode and you are done:
base64_encode(sha1($password, true));
This returns the exact same SHA-1 hash as your java code.