Compute HMAC sha-512 in NodeJS and Java
Question
I am trying to migrate a sha-512 computation from java to node JS and I can't seem to get the same results...
Java code (which looks standard from what I saw online ):
public class Test
{
private static String get_SecurePassword(String passwordToHash, String salt, String algo) throws NoSuchAlgorithmException
{
String generatedPassword = null;
MessageDigest md = MessageDigest.getInstance(algo);
md.update(salt.getBytes());
byte[] bytes = md.digest(passwordToHash.getBytes());
StringBuilder sb = new StringBuilder();
for (int i = 0; i< bytes.length; i++) {
sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
}
generatedPassword = sb.toString();
return generatedPassword;
}
public static void main(String[] args) throws NoSuchAlgorithmException
{
String res = get_SecurePassword("test", "test", "SHA-512");
System.out.println(res);
}
}
Output:
125d6d03b32c84d492747f79cf0bf6e179d287f341384eb5d6d3197525ad6be8e6df0116032935698f99a09e265073d1d6c32c274591bf1d0a20ad67cba921bc
NodeJS:
const crypto = require('crypto');
function getSecurePassword(password, salt, algo) {
const algoFormatted = algo.toLowerCase().replace('-', '');
const hash = crypto.createHmac(algoFormatted, salt);
hash.update(password);
const res = hash.digest('hex');
return res;
}
console.log(getSecurePassword('test', 'test', 'SHA-512'));
Output:
9ba1f63365a6caf66e46348f43cdef956015bea997adeb06e69007ee3ff517df10fc5eb860da3d43b82c2a040c931119d2dfc6d08e253742293a868cc2d82015
What am I doing wrong?
Note : I am using Java 8 and Node 10.13
3 answers
solution1
2 ACCPTED 2019-01-29 19:31:14
In Node you're using HMAC-SHA-512, but in Java you're just using SHA-512 and concatenating the key and the plaintext. That is not how HMAC works. You need to use HMAC-SHA-512 in Java as well:
import static java.nio.charset.StandardCharsets.*;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class Test {
private static String getSecurePassword(String password, String salt, String algo)
throws NoSuchAlgorithmException, InvalidKeyException {
SecretKeySpec secretKeySpec = new SecretKeySpec(salt.getBytes(UTF_8), algo);
Mac mac = Mac.getInstance(algo);
mac.init(secretKeySpec);
byte[] bytes = mac.doFinal(password.getBytes(UTF_8));
return new BigInteger(1, bytes).toString(16);
}
public static void main(String[] args)
throws NoSuchAlgorithmException, InvalidKeyException {
System.out.println(getSecurePassword("test", "test", "HmacSHA512"));
}
}
Output:
9ba1f63365a6caf66e46348f43cdef956015bea997adeb06e69007ee3ff517df10fc5eb860da3d43b82c2a040c931119d2dfc6d08e253742293a868cc2d82015
solution2
2 2019-01-29 19:49:21
If someone is looking to the Node JS fix I made thanks to @DavidConrad, here it is:
const crypto = require('crypto');
function getSecurePassword(password, salt, algo) {
const algoFormatted = algo.toLowerCase().replace('-', '');
const hash = crypto.createHash(algoFormatted);
hash.update(salt + password);
return hash.digest('hex');
}
console.log(getSecurePassword('test', 'test', 'SHA-512'));
Output:
125d6d03b32c84d492747f79cf0bf6e179d287f341384eb5d6d3197525ad6be8e6df0116032935698f99a09e265073d1d6c32c274591bf1d0a20ad67cba921bc
solution3
0 2019-10-24 10:35:40
对于NodeJS ,您可以将键附加数据以获取Java等效散列。
require('crypto').createHash(algo).update(data + key).digest()
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.