java equivalent to php's hmac-SHA1

Question

I'm looking for a java equivalent to this php call:

hash_hmac('sha1', "test", "secret")

I tried this, using java.crypto.Mac, but the two do not agree:

String mykey = "secret";
String test = "test";
try {
    Mac mac = Mac.getInstance("HmacSHA1");
    SecretKeySpec secret = new SecretKeySpec(mykey.getBytes(),"HmacSHA1");
    mac.init(secret);
    byte[] digest = mac.doFinal(test.getBytes());
    String enc = new String(digest);
    System.out.println(enc);  
} catch (Exception e) {
    System.out.println(e.getMessage());
}

The outputs with key = "secret" and test = "test" do not seem to match.

Well, how do they differ? Which one matches the test patterns for sha1? A cursory glance at the PHP document shows the "raw_output" options. — , Oct 22 '09 at 21:01
Post some test input and output (use hex encoding or base-64 for binary parameters). — erickson, Oct 22 '09 at 21:03

score 41 · Accepted Answer · answered Oct 22 '09 at 22:28

In fact they do agree.
As Hans Doggen already noted PHP outputs the message digest using hexadecimal notation unless you set the raw output parameter to true.
If you want to use the same notation in Java you can use something like

for (byte b : digest) {
    System.out.format("%02x", b);
}
System.out.println();

to format the output accordingly.

score 20 · Answer 2 · edited May 25 '11 at 17:56

You can try this in Java:

private static String computeSignature(String baseString, String keyString) throws GeneralSecurityException, UnsupportedEncodingException {

    SecretKey secretKey = null;

    byte[] keyBytes = keyString.getBytes();
    secretKey = new SecretKeySpec(keyBytes, "HmacSHA1");

    Mac mac = Mac.getInstance("HmacSHA1");

    mac.init(secretKey);

    byte[] text = baseString.getBytes();

    return new String(Base64.encodeBase64(mac.doFinal(text))).trim();
}

score 5 · Answer 3 · answered May 11 '11 at 18:40

5

This is my implementation :

        String hmac = "";

    Mac mac = Mac.getInstance("HmacSHA1");
    SecretKeySpec secret = new SecretKeySpec(llave.getBytes(), "HmacSHA1");
    mac.init(secret);
    byte[] digest = mac.doFinal(cadena.getBytes());
    BigInteger hash = new BigInteger(1, digest);
    hmac = hash.toString(16);

    if (hmac.length() % 2 != 0) {
        hmac = "0" + hmac;
    }

    return hmac;

answered May 11 '11 at 18:40

atomsfat

2,863
6
34
36

That's the only solution that works for me. Thanks a lot! – Johann Hagerer Aug 04 '16 at 07:22

Hans Doggen · Answer 4 · 2009-10-22T21:30:04.493

3

Seems to me that PHP uses HEX notation for the bytes that Java produces (1a = 26) - but I didn't check the whole expression.

What happens if you run the byte array through the method on this page?

edited Oct 22 '09 at 21:30

answered Oct 22 '09 at 21:18

Hans Doggen

1,796
2
16
13

Krizko · Answer 5 · 2013-05-13T11:03:19.940

3

My implementation for HmacMD5 - just change algorithm to HmacSHA1:

SecretKeySpec keySpec = new SecretKeySpec("secretkey".getBytes(), "HmacMD5");
Mac mac = Mac.getInstance("HmacMD5");
mac.init(keySpec);
byte[] hashBytes = mac.doFinal("text2crypt".getBytes());
return Hex.encodeHexString(hashBytes);

edited May 13 '13 at 11:03

answered May 13 '13 at 09:57

Krizko

31
2

score 3 · Answer 6 · answered Oct 10 '14 at 10:06

This way I could get the exact same string as I was getting with hash_hmac in php

String result;

try {
        String data = "mydata";
        String key = "myKey";
        // Get an hmac_sha1 key from the raw key bytes
        byte[] keyBytes = key.getBytes();
        SecretKeySpec signingKey = new SecretKeySpec(keyBytes, "HmacSHA1");

        // Get an hmac_sha1 Mac instance and initialize with the signing key
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signingKey);

        // Compute the hmac on input data bytes
        byte[] rawHmac = mac.doFinal(data.getBytes());

        // Convert raw bytes to Hex
        byte[] hexBytes = new Hex().encode(rawHmac);

        //  Covert array of Hex bytes to a String
        result = new String(hexBytes, "ISO-8859-1");
        out.println("MAC : " + result);
}
catch (Exception e) {

}

This should be the right answer, many have missed the Hex encoding step. — Krishnaraj, Aug 20 '16 at 06:08
I'm sorry but I'm ignorant, where do I get the "Hex().encode(bytes[] rawHmac)" method? — Pedro Joaquín, May 28 '19 at 22:07

serg · Answer 7 · 2009-10-22T21:30:58.397

1

Haven't tested it, but try this:

        BigInteger hash = new BigInteger(1, digest);
        String enc = hash.toString(16);
        if ((enc.length() % 2) != 0) {
            enc = "0" + enc;
        }

This is snapshot from my method that makes java's md5 and sha1 match php.

edited Oct 22 '09 at 21:30

answered Oct 22 '09 at 21:22

serg

109,619
77
317
330

Of course, using new StringBuilder(digest.length * 2), a for/next loop and append(String.format("%02X"), digest[i] & 0xFF) is less memory intensive and possibly a bit more readable. – Maarten Bodewes Nov 21 '11 at 22:10
the if statement needs to be a while loop. it won't work for the multiple leading zeroes case. – slushi Jun 06 '13 at 14:37

java equivalent to php's hmac-SHA1

7 Answers7

Linked

Related