In cryptography,
a keyed-hash message authentication code (HMAC) is a
specific construction for calculating a message
authentication code (MAC) involving
a cryptographic hash function in combination with a
secret cryptographic key.
As with any MAC, it may be used to simultaneously verify both the data
integrity and the authenticity of a message.
Any
cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an
HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly.
The
cryptographic strength of the HMAC depends upon the cryptographic
strength of the underlying hash function, the size of its hash output,
and on the size and quality of the key.
An
iterative hash function breaks up a message into blocks of a fixed size and
iterates over them with a compression function.
For
example, MD5 and SHA-1 operate on 512-bit blocks. The size of the output of
HMAC is the same as that of the underlying hash function (128 or 160 bits in
the case of MD5 or SHA-1, respectively), although it can be truncated if
desired.
HMAC-SHA1
and HMAC-MD5 are used within the IPsec and TLS protocols.
Signature-generating algorithm on the client and server side
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import com.francetelecom.csrtool.model.logging.FuncLogging;
import com.francetelecom.csrtool.utils.CSRToolUtil;
/**
 * Utility class that generates an HMAC message authentication code over data,
 * using a Base64-encoded secret key and the HmacSHA256 or HmacSHA512 algorithm.
 */
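public class HMACGenerator {
    /** JCA Mac algorithm name for HMAC over SHA-256. */
    public static final String HMAC256 = "HmacSHA256";
    /** JCA Mac algorithm name for HMAC over SHA-512. */
    public static final String HMAC512 = "HmacSHA512";
    /** Class logger. Only algorithm names are logged here, never key material or the signed data. */
    private static final Logger LOGGER = Logger.getLogger(HMACGenerator.class);
    /**
     * Fixed charset for turning the key text and the message into bytes. Using the
     * platform default would let a client and a server with different defaults
     * compute different tags for the same input.
     */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    /**
     * Generates a Base64-encoded HMAC-SHA256 tag over {@code data} with the given key.
     * Equivalent to {@code generateHMACUsingBase64Key(base64Key, data, HMAC256)}.
     *
     * @param base64Key Base64 encoding of the shared secret key
     * @param data the text to authenticate; it is encoded as UTF-8 before being fed to the MAC
     * @return the Base64-encoded tag, or {@code null} when either argument is null or empty,
     *         when the key decodes to zero bytes, or when the MAC cannot be computed
     */
    public static String generateHMACUsingBase64Key(String base64Key, String data) {
        return generateHMACUsingBase64Key(base64Key, data, HMAC256);
    }

    /**
     * Generates a Base64-encoded HMAC tag over {@code data} with the given key and algorithm.
     *
     * @param base64Key Base64 encoding of the shared secret key
     * @param data the text to authenticate; it is encoded as UTF-8 before being fed to the MAC
     * @param algorithm JCA Mac algorithm name, normally {@link #HMAC256} or {@link #HMAC512}
     * @return the Base64-encoded tag, or {@code null} when any argument is null or empty,
     *         when the key decodes to zero bytes, or when the algorithm is unavailable or
     *         rejects the key (the cause is logged in those two cases)
     */
    public static String generateHMACUsingBase64Key(String base64Key, String data, String algorithm) {
        // Reject unusable input up front; inlined so this class does not depend on an
        // unimported Util helper.
        if (isNullOrEmpty(base64Key) || isNullOrEmpty(data) || isNullOrEmpty(algorithm)) {
            return null;
        }
        // Base64 text is ASCII, so decoding it from a fixed charset is platform-independent.
        byte[] secretKeyBytes = Base64.decodeBase64(base64Key.getBytes(UTF8));
        if (secretKeyBytes.length == 0) {
            // SecretKeySpec throws an unchecked IllegalArgumentException for an empty key;
            // a key that decodes to nothing (e.g. non-Base64 text) is invalid input, not a crash.
            LOGGER.error("HMAC key is not valid Base64 or decodes to zero bytes");
            return null;
        }
        SecretKeySpec signingKey = new SecretKeySpec(secretKeyBytes, algorithm);
        byte[] dataBytes = data.getBytes(UTF8);
        try {
            Mac mac = Mac.getInstance(algorithm);
            mac.init(signingKey);
            byte[] rawHmac = mac.doFinal(dataBytes);
            // The Base64 alphabet is ASCII; an explicit charset keeps the String conversion deterministic.
            return new String(Base64.encodeBase64(rawHmac), UTF8);
        } catch (NoSuchAlgorithmException e) {
            // Keep the null-on-failure contract callers rely on, but do not hide the cause.
            LOGGER.error("HMAC algorithm not available: " + algorithm, e);
            return null;
        } catch (InvalidKeyException e) {
            LOGGER.error("HMAC key rejected for algorithm " + algorithm, e);
            return null;
        }
    }

    /**
     * Returns {@code true} when {@code s} is {@code null} or has zero length.
     *
     * @param s the string to test
     * @return whether {@code s} is null or empty
     */
    private static boolean isNullOrEmpty(String s) {
        return s == null || s.length() == 0;
    }
}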