HMAC-SHA1:如何在 Java 中正确执行? [英] HMAC-SHA1: How to do it properly in Java?

问题描述

我正在使用 HMAC-SHA1 散列一些值，在 Java 中使用以下代码:

I'm hashing some values using HMAC-SHA1, using the following code in Java:

public static String hmacSha1(String value, String key) {
    try {
        // Get an hmac_sha1 key from the raw key bytes
        byte[] keyBytes = key.getBytes();           
        SecretKeySpec signingKey = new SecretKeySpec(keyBytes, "HmacSHA1");

        // Get an hmac_sha1 Mac instance and initialize with the signing key
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signingKey);

        // Compute the hmac on input data bytes
        byte[] rawHmac = mac.doFinal(value.getBytes());

        // Convert raw bytes to Hex
        byte[] hexBytes = new Hex().encode(rawHmac);

        //  Covert array of Hex bytes to a String
        return new String(hexBytes, "UTF-8");
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

Hex() 属于 org.apache.commons.codec

在 PHP 中有一个类似的函数 hash_hmac(algorithm, data, key)，我用它来比较 Java 实现返回的值.

In PHP there's a similar function hash_hmac(algorithm, data, key) that I use to compare the values returned by my Java implementation.

所以第一次尝试是:

hash_hmac("sha1", "helloworld", "mykey") // PHP

返回:74ae5a4a3d9996d5918defc2c3d475471bbf59ac

我的 Java 函数也返回 74ae5a4a3d9996d5918defc2c3d475471bbf59ac.

My Java function returns 74ae5a4a3d9996d5918defc2c3d475471bbf59ac as well.

好的，它似乎工作.然后我尝试使用更复杂的密钥:

Ok, it seems working. Then I try to use a more complex key:

hash_hmac("sha1", "helloworld", "PRIE7$oG2uS-Yf17kEnUEpi5hvW/#AFo") // PHP

返回:e98bcc5c5be6f11dc582ae55f520d1ec4ae29f7a

虽然这次我的 Java impl 返回:c19fccf57c613f1868dd22d586f9571cf6412cd0

While this time my Java impl returns: c19fccf57c613f1868dd22d586f9571cf6412cd0

我的 PHP 代码返回的哈希值与我的 Java 函数返回的值不相等，我找不到原因.

The hash returned by my PHP code is not equal to the value returned by my Java function, and I can't find out why.

有什么建议吗?

推荐答案

在您的 PHP 端，在键周围使用单引号，这样 $ 字符不会被视为变量引用.即，

On your PHP side, use single-quotes around the key so that the $ character is not treated as a variable reference. i.e.,

hash_hmac("sha1", "helloworld", 'PRIE7$oG2uS-Yf17kEnUEpi5hvW/#AFo')

否则，你真正得到的关键是 PRIE7-Yf17kEnUEpi5hvW/#AFo(假设变量 $oG2uS 未定义).

Otherwise, the key you really get is PRIE7-Yf17kEnUEpi5hvW/#AFo (assuming the variable $oG2uS is not defined).

这篇关于HMAC-SHA1:如何在 Java 中正确执行?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！