Verify Open SSL SHA1 hash in Java

In our project we create a SHA1 hash using the following OpenSSL functions:

SHA_CTX ctx;
SHA1_Init (&ctx);
SHA1_Update (&ctx, value, size);
SHA1_Final (returned_hash, &ctx);

We are using a key and SHA1_Update is called multiple times.

I have to verify that hash using Java. I have written the following functions:

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

    public static Mac hmacSha1Init(String key) {
        Mac mac = null;
        try {
            // Get an hmac_sha1 key from the raw key bytes
            byte[] keyBytes = key.getBytes();
            SecretKeySpec signingKey = new SecretKeySpec(keyBytes, "HmacSHA1");

            // Get an hmac_sha1 Mac instance and initialize with the signing key
            mac = Mac.getInstance("HmacSHA1");
            mac.init(signingKey);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        return mac;
    }

    public static Mac hmacSha1Update(String value, Mac mac) {
        try {
            // update hmac with value
            mac.update(value.getBytes());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        return mac;
    }

    public static String hmacSha1Final(Mac mac) {
        try {
            // Compute the hmac on input data bytes
            byte[] rawHmac = mac.doFinal();
            return Base64.encodeBase64String(rawHmac);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

I am using hmacSha1Init with the key, updating multiple times with the Mac, and finally calling hmacSha1Final with the mac.

Ex.

Mac mac = hmacSha1Init("ssdsdsdioj298932276302392pdsdsfsdfs");

mac = hmacSha1Update("value1", mac);
mac = hmacSha1Update("value2", mac);
mac = hmacSha1Update("value3", mac);
String hash = hmacSha1Final(mac);

But I do not get the same SHA1 hash generated via OpenSSL. There is very limited documentation on the web. Can someone please direct me?

The reason for the two hashes to be different is that the input used in the openssl SHA1 algorithm is different from the one used in the Java framework. If you use the MD5 algorithm you will see that the result is the same. In this case openssl uses the same.

What changes? Well, openssl considered SHA1 not safe enough, fine, so they decided to give it another turn. Normally (MD5 and Java framework), they take the input string and generate an ASN1 DER encoding of it. Then they take it and pass it to the algorithm. For SHA1, openssl is doing a normalization before generating the ASN1 DER encoding. It is calculating the CANONICAL format of the input, then generating the ASN1 DER and then passing it to the algorithm.

You will have to modify the Java framework to get the same results. I am trying to do it myself too :)

Here you can find a post about it in the openssl distribution list: http://openssl.6102.n7.nabble.com/The-new-subject-hash-algorithm-td44844.html

And here is an implementation from the ICM Uniwersytet Warszawski. Not sure how reliable it is, that's why I am trying myself.

https://github.com/eu-emi/canl-java/blob/master/src/main/java/eu/emi/security/authn/x509/helpers/trust/OpensslTruststoreHelper.java
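
Added example, not part of either post above: OpenSSL's SHA1_Init / SHA1_Update / SHA1_Final compute a plain SHA-1 digest over the concatenated inputs, whose Java counterpart is MessageDigest, while Mac with "HmacSHA1" computes a different, keyed construction. The class name, the sample key, UTF-8 encoding and the assumption that the C side feeds the key as the first SHA1_Update call are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Sha1VersusHmac {
    // Java counterpart of SHA1_Init / SHA1_Update (one call per part) / SHA1_Final.
    static byte[] plainSha1(String... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (String part : parts) {
            // Explicit charset so the bytes do not depend on the platform default.
            md.update(part.getBytes(StandardCharsets.UTF_8));
        }
        return md.digest(); // raw 20 bytes, like returned_hash on the C side
    }

    // What a Mac("HmacSHA1") pipeline computes: a keyed construction, not a bare digest.
    static byte[] hmacSha1(String key, String... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        for (String part : parts) {
            mac.update(part.getBytes(StandardCharsets.UTF_8));
        }
        return mac.doFinal();
    }

    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Published SHA-1 test vector for the 3-byte message "abc".
        byte[] abc = fromHex("a9993e364706816aba3e25717850c26c9cd0d89d");
        System.out.println("split updates match vector: "
                + MessageDigest.isEqual(plainSha1("a", "bc"), abc));

        String key = "constructed-sample-key"; // constructed value, not the key from the post
        byte[] digest = plainSha1(key, "value1", "value2", "value3");
        byte[] oneShot = plainSha1(key + "value1value2value3");
        byte[] hmac = hmacSha1(key, "value1", "value2", "value3");
        // MessageDigest.isEqual compares the raw bytes in constant time.
        System.out.println("chunked equals one-shot: " + MessageDigest.isEqual(digest, oneShot));
        System.out.println("digest equals HMAC: " + MessageDigest.isEqual(digest, hmac));
    }
}
```

When checking against a value produced in C, compare the raw 20 bytes or use the same text encoding on both sides, since the Java code in the question Base64-encodes its result.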
