Logic for Generating Signature - for SHA-2 Hashing (Java)

Question

I'm using a specification document for accessing API, and it says that hash is calculated on the signature generated from the following logic:

Signature = (field1 + field2 + field3 + field4 + field5 + field6) + (field7 + field8)

I'm just wondering what does this mean?

So, when I concatenate the fields and hash using sha-256, I'm getting a different hash format than the expected 32 byte; a sample hash has this format:

PajZG3NEUUHgrycwtPKcKkvTdBg/Kkx6OhlULgSV+ko= as opposed to this example:

c7477242d3901f537387b2b6c61099380634c013a060960a5bf4d87734d54f0e

This is my code:

stringToHash = "field1field2field3field4field5field6field7field8";
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(stringToHash.getBytes(StandardCharsets.UTF_8));
String encoded = Base64.getEncoder().encodeToString(hash);

What could I be missing?

Why do you base64 encode it? That's your mistake (at least, one of them) — Sergio Tulentsev, Feb 01 '18 at 12:24
Instead, you should turn each of your bytes into a two-char hex string (and compose a final string from them). This is done by something else, not base64 encoder. Or maybe `digest` can get you the string directly, look in its documentation — Sergio Tulentsev, Feb 01 '18 at 12:30
Also, in the signature 'logic', what is the difference between (field1 + field2 _ field3 + field4) and (field1 + field2) + (field3 + field4) — Samuel Waithaka, Feb 01 '18 at 14:03
Mathematically, there's no difference. But maybe they meant inserting literal parentheses into the string? ¯\\_(ツ)_/¯ — Sergio Tulentsev, Feb 01 '18 at 14:04
Turns out there was no difference anyway. Was a bit misleading though. — Samuel Waithaka, Feb 09 '18 at 14:06

score 0 · Answer 1 · answered Feb 08 '18 at 04:48

0

I found out the answer from this link: http://www.mytecbits.com/tools/cryptography/sha2generator This code does it:

String input = "String to hash";
MessageDigest objSHA = MessageDigest.getInstance("SHA-256");
byte[] bytSHA = objSHA.digest(input.getBytes());
BigInteger intNumber = new BigInteger(1, bytSHA);
String stringHashCode = intNumber.toString(16);

// pad with 0 if the hexa digits are less then 64.
 while (stringHashCode.length() < 64) {
    stringHashCode = "0" + stringHashCode;
}

answered Feb 08 '18 at 04:48

Samuel Waithaka

61
9

So the difference is, do not specify character set when getting byte array from the raw string. Therefore, stringToHash.getBytes(StandardCharsets.UTF_8) becomes stringToHash.getBytes() Then converting the hash (byte array) to BigInteger, then to String. And it worked – Samuel Waithaka Feb 09 '18 at 14:01

Logic for Generating Signature - for SHA-2 Hashing (Java)

1 Answers1