How to generate HMAC SHA 256 using hmacutils in java

Question

I've been trying to generate an HMAC for an API using code like so:

public static void main(String[] args) {

    byte[] hmacSha256 = HmacUtils.hmacSha256(API_SECRET, "totalParams");

    System.out.println((Base64.getEncoder().encodeToString(hmacSha256)));
}

But when I use the string I get in my API call I receive the error:

{"code":-1100,"msg":"Illegal characters found in parameter 'signature'; legal range is '^[A-Fa-f0-9]{64}$'."}

I thought that it meant I had to convert to hex, but the hex is not working either.

I don't care about the implementation, I just want a valid signature. Anyone know how to generate a valid signature in any way?

Does your API_SECRET contains chars different than 0-9 and a-f? — Jose Da Silva Gomes, Mar 11 '18 at 04:13
Why using `HmacUtils`? You can do it all with [`javax.crypto.Mac`](https://docs.oracle.com/javase/8/docs/api/javax/crypto/Mac.html). — user207421, Mar 11 '18 at 04:40
Note that Base64 encoding also uses two characters other than letters and digits. (Letters and digits alone would give only 62 possibilities) — Henry, Mar 11 '18 at 08:21

score 2 · Accepted Answer · edited Mar 11 '18 at 09:13

2

See this answer to a similar question, and then this answer to convert your byte[] to hex instead of using Base64.

(Short version: You've got 256 bits of hash, and the API is expecting 64 characters. Base64 gives you 44(ish), but hex should give you 64)

edited Mar 11 '18 at 09:13

Henry

42,982
7
68
84

answered Mar 11 '18 at 08:14

Moose Morals

1,628
25
32

How to generate HMAC SHA 256 using hmacutils in java

1 Answers1