getByte() is returning same byte[ ] for different Strings

Question

I am generating a Session key, that changes every time i run the program. But when i am converting it into BYTE ARRAY then Byte Array generated is same every time i run the program . IT should be different right? Here is my code

Key key;
SecureRandom rand = new SecureRandom();
KeyGenerator generator = KeyGenerator.getInstance("AES");
generator.init(rand);
generator.init(256);
key = generator.generateKey();
String key1=key.toString();
byte[] genratesessionKey1 = key1.getBytes();
System.out.println("SESSION KEY IS(Byte format)   "+genratesessionKey1.toString());

Then i also used one dummy string. and then i generated its Byte[]. Then i changed the value in that string and generated its Byte[] Again. Still it returns the same result.

String test2="yadav";
String key1=key.toString();
byte[] genratesessionKey1 = key1.getBytes();
byte[] g2=test.getBytes("UTF-8");
byte[] g3=test.getBytes();              
System.out.println("Session key in String   "+key1);
System.out.println("Testing Byte Format   "+g2);
System.out.println("Testing Byte Format 2   "+g3);

Why Its happening.Any Suggestions will be appreciated

First Execution

Second Execution

Could you give us the entire code? I don't see where test is coming from — Wisienkas, May 27 '16 at 14:20
Please provide a complete minimal example of the problem. The code you've provided is *almost* a working example, but not quite. I assumed references to `test` should be `test2` (`"yadav"`), and the code functioned as I would expect--that is to say, **not** what you described. So please provide a working example. — dcsohl, May 27 '16 at 14:20
You do know that `toString()` on a byte array doesn't actually print out the byte contents, right? So, what are you looking at to determine that the byte array is always the same? Please post your output. — sstan, May 27 '16 at 14:22
yeah IN String test2="yadav"; when i change it to String test2="yadav1234"; — Mudit, May 27 '16 at 14:31
it still returns the same byte [ ] for both string .. that should be different right? — Mudit, May 27 '16 at 14:31
Please post the output of your `System.out.println()` statements. — sstan, May 27 '16 at 14:33
@sstan yeah just want to know why its returning the Same byte[ ] After( execution with first value) i change the String value. — Mudit, May 27 '16 at 14:33
And basically, I'm saying that I don't actually believe you. I'm saying that you are not comparing the byte arrays correctly. Please show your output. — sstan, May 27 '16 at 14:37
I have added the Executions of Same program. Session key is changing but the byte[ ] is same . — Mudit, May 27 '16 at 14:43

sstan · Answer 1 · 2016-05-27T15:02:30.577

3

You can't rely on calling toString() on a byte array to inspect its contents. The returned value doesn't tell you what the bytes are.

If you really want to check the contents of a byte array and see whether it changes or not, use Arrays.toString(byteArray) instead. And then you should be able to verify that the byte array does indeed change.

edited May 27 '16 at 15:02

answered May 27 '16 at 14:51

sstan

35,425
6
48
66

When i use Arrays.toString(byteArray) ... its changing but i have to encrypt it and pass it into that byte[ ] format , so the encryption returned will have right result for every session key generated on each execution of program – Mudit May 27 '16 at 15:07

score 0 · Accepted Answer · answered May 27 '16 at 15:03

First of all the code won't compile nor run. What will (omitting imports and class) is

   public static void main(String[] args) 
           throws NoSuchAlgorithmException, UnsupportedEncodingException {
      Key key;
      SecureRandom rand = new SecureRandom();
      KeyGenerator generator = KeyGenerator.getInstance("AES");
      generator.init(rand);
      generator.init(256);
      key = generator.generateKey();
      String key1 = key.toString();
      byte[] genratesessionKey1 = key1.getBytes();
      System.out.println("SESSION KEY IS(Byte format)   " 
                             +  genratesessionKey1.toString());

      String test2="yadav";
      byte[] g2 = test2.getBytes("UTF-8");
      byte[] g3 = test2.getBytes();              
      System.out.println("Session key in String   " + key1);
      System.out.println("Testing Byte Format   " + g2);
      System.out.println("Testing Byte Format 2   " + g3);

      System.out.println("Session key in String   "
                                     + Arrays.toString(genratesessionKey1));

   } // main(String[])

The output would be

SESSION KEY IS(Byte format)   [B@1c53fd30
Session key in String   javax.crypto.spec.SecretKeySpec@fffe8e54
Testing Byte Format   [B@50cbc42f
Testing Byte Format 2   [B@75412c2f

This just shows arrays inheriting Object.toString() in the sense of showing the (useless) address as hash value. Hence, toString() lets all arrays look alike no matter what length or content.
Probably, Mudit wants to see the array's content. Adding

System.out.println("Session key in String   "
                                     + Arrays.toString(genratesessionKey1));

yields

Session key in String   [106, 97, 118, 97, 120, 46, 99, 114, 121, ....

Rationale: Downward compatibility forbade to enhance the (useless to repeat me) method toString() of all Arrays. Hence, what Mudit and many others expect was put as static methods in the helper class java.util.Arrays since Java5.

When i use Arrays.toString(byteArray) ... its changing but i have to encrypt it and pass it into that byte[ ] format , so the encryption returned will have right result for every session key generated on each execution of program — Mudit, May 28 '16 at 04:01

score 0 · Answer 3 · answered May 27 '16 at 16:36

0

I would use DatatypeConverter I've used it with my Security project and it worked like a charm...

answered May 27 '16 at 16:36

RicardoVallejo

793
7
11

Just use [`Base64`.](http://docs.oracle.com/javase/8/docs/api/java/util/Base64.html) No need to use obscure `DatatypeConverter`. – erickson May 27 '16 at 16:37
Fair answer erikson but it's just another converter – RicardoVallejo May 27 '16 at 16:42
They really aren't equivalent. `Base64` is designed and supported as a solution for any base-64 requirements, with configurable line-length and white space handling, multiple standardized symbol sets, etc. – erickson May 27 '16 at 18:19
@erickson i want to encrypt that byte [ ] . so if i use byte[].toString() and then encrypt it using session key . will it be wrong ? – Mudit May 28 '16 at 05:37
because i can not figure out how to encrypt a byte[] using a Session key in java – Mudit May 28 '16 at 05:38
@Mudit Yes, it will be wrong. The result of `toString()` called on a `byte[]` doesn't tell you anything about the content of the array, as you demonstrated yourself. Also, you can't encrypt strings. Encryption APIs require `byte[]` input. So stop trying to convert it to a `String` unnecessarily. Only after it's encrypted, if you need text, you can encode the cipher text with base-64. – erickson May 28 '16 at 06:16

getByte() is returning same byte[ ] for different Strings

3 Answers3