1

I'm using Apache DS with Spring LDAP for authentication and user management. Apache DS sends password fields as hashed byte arrays, so I need to decrypt it into String. I'm using MD5 hashing.

For example, here's the window that is used to enter password using Apache DS Studio:

(For the sake of demonstration, I'd like to tell the entered password which is 1)

enter image description here

Apache DS sends password fields as hashed byte arrays. When I try to get it using Spring LDAP like below, I got [B@66ca6254. I need to decrypt it and got the hex value of it which is c4ca4238a0b923820dcc509a6f75849b as it is shown above.

talha06
  • 6,206
  • 21
  • 92
  • 147

2 Answers2

3

You've got two problems here:

  • You're using the term "decrypt" as if you were actually able to recover the original password. That's not the case. Hopefully you understand this already, and you're just using the term "decrypt" inappropriately
  • You're calling toString() on a byte array. That's what's giving the value "[B@66ca6254" which is an indication that the object you're calling it on is a byte array, then a hash. What you're actually interested in is a hex representation of the byte array.

Basically you just need to convert the byte array to a hex string. There are various ways of doing that - either in your own code, or using a third party library such as Apache Commons Code and its Hex class. If you don't want to include an extra library, there are loads of code snippets for byte array to hex string conversion on Stack Overflow, such as here. (There's also javax.xml.bind.DataTypeConverter, but I personally wouldn't want to use that for general conversion - it smells too much like an XML-specific type to me. I dare say it would work fine, it just gives the wrong impression in code.)

EDIT: Now that you've told us the bytes that you're getting, you don't just want to use hex. You've been given the ASCII encoded form of "{MD5}xMpCOKC5I4INzFCab3WEmw==", which itself shows that it's MD5 and then has the base64-encoded version. You should therefore:

  • Convert the byte array to a string using new String(data, "ASCII")
  • Check that the string starts with "{MD5}"
  • Decode the rest of the string as base64 (i.e. strip the first 5 characters, then run the rest through base64 decoding). Again, you can use Apache Commons Codec for this, or this public domain base64 decoder (or many other solutions).
  • At that point, you've got the real raw binary data of the hash. You can then convert that to hex if you want, as discussed earlier.
Community
  • 1
  • 1
Jon Skeet
  • 1,421,763
  • 867
  • 9,128
  • 9,194
  • `String hexString = new String(Hex.encodeHex(byteArrayPassword));` this gives me **7b4d44357d784d70434f4b43354934494e7a464361623357456d773d3d** instead of **c4ca4238a0b923820dcc509a6f75849b**. – talha06 Dec 09 '12 at 08:41
  • now it gives these outputs, I'm still not able to convert back hex value of original password `hexString = hexString.substring(5); // xMpCOKC5I4INzFCab3WEmw== byte[] bytes = Base64.decodeBase64(hexString.getBytes()); hexString = Hex.encodeHex(bytes).toString(); // [C@4c065f0a` – talha06 Dec 09 '12 at 09:22
  • 1
    @talha06: You're now calling `toString()` on a `char[]`. Don't do that. Either use `Hex.encodeHexString`, or call the `String(char[])` constructor. – Jon Skeet Dec 09 '12 at 09:25
  • ok got it! thanks a lot Jon Skeet, you really helped me a lot with patience. – talha06 Dec 09 '12 at 09:32
0

You cannot decrypt MD5 hash, it's one way hash function.

Pradeep Simha
  • 17,683
  • 18
  • 56
  • 107