HMAC-SHA256 Algorithm for signature calculation

Question

I am trying to create a signature using the HMAC-SHA256 algorithm and this is my code  I am using US ASCII encoding  final Charset asciiCs   Charset forName  quot US-ASCII quot    final Mac sha256 HMAC   Mac getInstance  quot HmacSHA256 quot    final SecretKeySpec secret key   new javax crypto spec SecretKeySpec asciiCs encode  quot key quot   array     quot HmacSHA256 quot    sha256 HMAC init secret key   final byte   mac data   sha256 HMAC doFinal asciiCs encode  quot The quick brown fox jumps over the lazy dog quot   array     String result    quot  quot   for  final byte element   mac data        result    Integer toString  element  amp  0xff    0x100  16  substring 1     System out println  quot Result   quot    result    quot   quot     The result that I am getting from the above code is  f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8  This is same as to that of shown in the wiki HMAC SHA256  quot key quot    quot The quick brown fox jumps over the lazy dog quot     0x f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8  except for the 0x  I am looking for ideas comments if I am doing everything right or may be I can improve my code

User · Answer

If but any chance you found a solution how to calculate HMAC-SHA256 here, but you're getting an exception like this one:

java.lang.NoSuchMethodError: No static method encodeHexString([B)Ljava/lang/String; in class Lorg/apache/commons/codec/binary/Hex; or its super classes (declaration of 'org.apache.commons.codec.binary.Hex' appears in /system/framework/org.apache.http.legacy.boot.jar)

Then use:

public static String encode(String key, String data) {
    try {
        Mac hmac = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA256");
        hmac.init(secret_key);
        return new String(Hex.encodeHex(hmac.doFinal(data.getBytes("UTF-8"))));
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

User · Answer

Java simple code to generate encoded HMAC-x  signatures   Tried using Java-8 and Eclipse   import java io UnsupportedEncodingException  import java security InvalidKeyException  import java security NoSuchAlgorithmException   import javax crypto Mac  import javax crypto spec SecretKeySpec   import com sun org apache xml internal security utils Base64          Encryption class to show how to generate encoded HMAC-x  signatures          public class Encryption        public static void main String args               String message    This is my message            String key    your key           String algorithm    HmacMD5       OPTIONS  HmacSHA512  HmacSHA256  HmacSHA1  HmacMD5          try                   1  Get an algorithm instance              Mac sha256 hmac   Mac getInstance algorithm                   2  Create secret key              SecretKeySpec secret key   new SecretKeySpec key getBytes  UTF-8    algorithm                   3  Assign secret key algorithm              sha256 hmac init secret key                   4  Generate Base64 encoded cipher string              String hash   Base64 encode sha256 hmac doFinal message getBytes  UTF-8                      You can use any other encoding format to get hash text in that encoding              System out println hash                                   Here are the outputs for given algorithms -                                HmacMD5   hpytHW6XebJ hNyJeX A2w                  HmacSHA1   CZbtauhnzKs UkBmdC1ssoEqdOw                 HmacSHA256  gCZJBUrp45o Z5REzMwyJrdbRj8Rvfoy33ULZ1bySXM                 HmacSHA512   OAqi5yEbt2lkwDuFlO6 4UU6XmU2JEDuZn6 1pY4xLAq JJGSNfSy1if499coG1K2Nqz yyAMKPIx9C91uLj w                              catch  NoSuchAlgorithmException e                 e printStackTrace               catch  UnsupportedEncodingException e                 e printStackTrace               catch  InvalidKeyException e                 e printStackTrace                              NOTE  You can use any other Algorithms and can try generating HmacMD5  HmacSHA1  HmacSHA256  HmacSHA512 signatures

User · Answer

This is working fine for me  I have add dependency  compile  commons-codec commons-codec 1 9    ref  http   mvnrepository com artifact commons-codec commons-codec 1 9  my function   public String encode String key  String data        try            Mac sha256 HMAC   Mac getInstance  HmacSHA256            SecretKeySpec secret key   new SecretKeySpec key getBytes  UTF-8     HmacSHA256            sha256 HMAC init secret key            return new String Hex encodeHex sha256 HMAC doFinal data getBytes  UTF-8              catch  NoSuchAlgorithmException e            e printStackTrace          catch  InvalidKeyException e            e printStackTrace          catch  UnsupportedEncodingException e            e printStackTrace               return null

User · Answer

The 0x just denotes that the characters after it represent a hex string   0x1A    1Ah    26    1A   So the 0x is just to clarify what format the output is in  no need to worry about it

User · Answer

Here is my solution   public String HMAC SHA256 String secret  String message        String hash         try          Mac sha256 HMAC   Mac getInstance  HmacSHA256            SecretKeySpec secret key   new SecretKeySpec secret getBytes     HmacSHA256            sha256 HMAC init secret key            hash   Base64 encodeToString sha256 HMAC doFinal message getBytes     Base64 DEFAULT        catch  Exception e                   return hash trim

User · Answer

The answer that you got there is correct  One minor thing in the code above  you need to init key  before you can call doFinal        final Charset charSet   Charset forName  US-ASCII        final Mac sha256 HMAC   Mac getInstance  HmacSHA256         final SecretKeySpec secret key   new javax crypto spec SecretKeySpec charSet encode  key   array     HmacSHA256        try           sha256 HMAC init secret key         catch  InvalidKeyException e               TODO Auto-generated catch block         e printStackTrace

User · Answer

Here is my solution   public static String encode String key  String data  throws Exception     Mac sha256 HMAC   Mac getInstance  HmacSHA256      SecretKeySpec secret key   new SecretKeySpec key getBytes  UTF-8     HmacSHA256      sha256 HMAC init secret key      return Hex encodeHexString sha256 HMAC doFinal data getBytes  UTF-8         public static void main String    args  throws Exception     System out println encode  key    The quick brown fox jumps over the lazy dog         Or you can return the hash encoded in Base64   Base64 encodeBase64String sha256 HMAC doFinal data getBytes  UTF-8        The output in hex is as expected   f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8

User · Answer

Try this Sorry for being late  I have tried all above answers but none of them is giving me correct value  After doing the lot of R amp D I have found a simple way that gives me exact value   Declare this method in your class private String hmacSha String KEY  String VALUE  String SHA TYPE    try       SecretKeySpec signingKey   new SecretKeySpec KEY getBytes  quot UTF-8 quot    SHA TYPE       Mac mac   Mac getInstance SHA TYPE       mac init signingKey       byte   rawHmac   mac doFinal VALUE getBytes  quot UTF-8 quot         byte   hexArray     byte  0    byte  1    byte  2    byte  3    byte  4    byte  5    byte  6    byte  7    byte  8    byte  9    byte  a    byte  b    byte  c    byte  d    byte  e    byte  f        byte   hexChars   new byte rawHmac length   2       for   int j   0  j  lt  rawHmac length  j               int v   rawHmac j   amp  0xFF          hexChars j   2    hexArray v  gt  gt  gt  4           hexChars j   2   1    hexArray v  amp  0x0F             return new String hexChars     catch  Exception ex        throw new RuntimeException ex         Use this like Log e  quot TAG quot    quot onCreate   quot  hmacSha  quot key quot   quot text quot   quot HmacSHA256 quot        Verification 1 Android studio output  2  Online HMAC generator Output Visit here for Online Genrator

User · Answer

If you re using Guava  its latest release now lets you use    Hashing hmacSha256     Further documentation here   https   guava dev releases 23 0 api docs com google common hash Hashing html hmacSha256-byte A-

[java] HMAC-SHA256 Algorithm for signature calculation

Examples related to java

Examples related to character-encoding

Examples related to digital-signature

Examples related to hmac