- HmacSHA256 Hashing in JAVA
I have been given a set of steps to obtain a hash of data. I have trying to comprehend the steps for quite long now, but the hash that I am getting doesn't seem to match expected hash.
The steps that was mentioned is as follows:
- Use the FIN message input as a binary value (unsigned char in C language, byte in Java). The FIN message input must be coded in the ASCII character set.
- Combine the left LAU key and the right LAU key as one string. The merged LAU key must be used as a binary value (unsigned char in C language, byte in Java). The merged LAU key must be coded in the ASCII character set.
- Call a HMAC256 routine to compute the hash value. The hash value must also be treated as a binary value (unsigned char in C language, byte in Java). The hmac size is 32 bytes.
- Convert the hmac binary values to uppercase hexadecimal printable characters (for example, a onebyte binary value of 0000 1010 has a hexadecimal value of 0x0A and will be translated to the twobyte characters “0A”).
This is what I have tried.
import javax.crypto.Mac;import javax.crypto.spec.SecretKeySpec;import javax.xml.bind.DatatypeConverter;import java.security.InvalidKeyException;import java.security.NoSuchAlgorithmException;import org.apache.commons.codec.binary.Hex;import java.io.File;import java.io.FileInputStream;import java.io.UnsupportedEncodingException;import java.math.BigInteger;import java.nio.charset.StandardCharsets;public class ABCHash{ public static void main(String[] args) throws Exception { try{ int character; StringBuffer buffer = new StringBuffer(""); FileInputStream inputStream = new FileInputStream(new File("C:/EncPDF.txt")); while( (character = inputStream.read()) != -1) buffer.append((char) character); inputStream.close(); System.out.println("Fetching data from the file"+buffer); StringBuffer sbuf = new StringBuffer(buffer); String str=sbuf.toString(); System.out.println( "Data = "+ str); if(str!=null) { String key = "0123456789ABCDEF0123456789ABCDEF"; // Assuming the key as 0123456789ABCDEF byte[] hexvalue= stringToHexByte(str); byte[] hexkey=stringToHexByte(key); byte[] byHMAC = encode(hexkey, hexvalue); String stEncryptedData = Hex.encodeHexString(byHMAC).toUpperCase(); System.out.println("Encrypted data =\n "+stEncryptedData); } } catch(Exception e) { System.out.println("Exception in the file reading"+e); } } private static byte[] encode(byte[] hexkey, byte[] hexvalue) { try { Mac sha256_HMAC = Mac.getInstance("HmacSHA256"); SecretKeySpec secret_key = new SecretKeySpec(hexkey, "HmacSHA256"); sha256_HMAC.init(secret_key); return sha256_HMAC.doFinal(hexvalue); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } return null; } public static String stringToHex(String base) throws UnsupportedEncodingException { return String.format("%040x", new BigInteger(1, base.getBytes(StandardCharsets.US_ASCII))); } public static byte[] stringToHexByte(String base) throws UnsupportedEncodingException { System.out.println(stringToHex(base).toUpperCase()); return DatatypeConverter.parseHexBinary(stringToHex(base).toUpperCase()); }}It will be really helpful if someone can point whats wrong with the implementation.
- Want to understand how and why SHA 256 used for website security?
I have understanding of SHA algorithm that it's hashing function it cannot be decrypted. It is used for password storage for authentication.But my question is, I can see website shows secured with green secure symbol. So I want to know what it secures? how it secures? I have tried to study about it but it's kind of unclear to me. Why website with sha 256 certification called secure? what kind of security it's providing? What it is securing?Any brief explanation or anything will help a lot.
Thank you.
- php mysqli_connect: authentication method unknown to the client [caching_sha2_password]
I am using php mysqli_connect for login to a mySql database (all on localhost)
<?php//DEFINE ('DB_USER', 'user2');//DEFINE ('DB_PASSWORD', 'pass2');DEFINE ('DB_USER', 'user1');DEFINE ('DB_PASSWORD', 'pass1');DEFINE ('DB_HOST', '127.0.0.1');DEFINE ('DB_NAME', 'dbname');$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);if(!$dbc){ die('error connecting to database'); }?>this is the mysql.user table:
mySql Server ini File:
[mysqld]# The default authentication plugin to be used when connecting to the serverdefault_authentication_plugin=caching_sha2_password#default_authentication_plugin=mysql_native_passwordwith "caching_sha2_password" in the mySql Server ini file, it's not possible at all to login with user1 or user2;
-> error: mysqli_connect(): The server requested authentication method unknown to the client [caching_sha2_password] in...
with "mysql_native_password" in the mySql Server ini file, it's possible to login with user1, but with user2, same error;
how can I login using "caching_sha2_password" on the mySql Server?
- Fix Chrome notification about obsolete encryption in IIS8.5 and SQL Server 2012
I am trying to configure IIS 8.5 on Windows 2012 R2 so that I do not get the notification from Chrome that the website is using obsolete cryptography. The image below is from Mac OS X , but I get a similar message in Windows 8.1 where the encryption algorithm is AES_256_CBC using a SHA1 hash and key exchange is ECDHE_RSA. The problem is the SHA1 message hashing. Google is trying to get websites to use SHA2 message hashing. On the Mac the algorithm used is SHA256 for hash signing but the problem here is the GCM modifier on AES encryption.
I have a new certificate that is 2048-bit RSA certificate supporting SHA256 message hashing.
I have used the NARTAC IIS Crypto tool to configure the IIS server. The Protocols Enabled are TLS 1.0, TLS 1.1 and TLS 1.2 The Ciphers Enabled are TripleDES 168, AES 12/128 and AES 256/256. The Hashes Enabled are SHA, SHA256, SHA384 and SHA512. The Key Exchanges Enabled are Diffie-Hellman, PKCS and ECDH. The SSL Cipher Suites Order for enabled suites are:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521 (it really is this way in the latest tool)TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
I have tried a large number of variations of this configuration, but none have resulted in a working site with the notification from Chrome gone. If I remove the AES 128/128 from the Ciphers Enabled it appears to have no impact. If I remove SHA from the Hashes Enabled then the website is unable to communicate with the SQL Server 2012 that provides data services to the website. If I remove the SHA1 based SSL Cipher Suites from the supported order then the browser is unable to connect to the server.
Has anyone got a working configuration of Windows IIS 8.5 with SQL Server, where the Chrome notification is gone?
- SHA256 gives different outputs when input is a file content (in ASCII) and when given hex array of the file content as such
Went through the already asked questions similar to this but couldnt get enough clarity on this.
I am using SHA256 algorithm for hashing.I gave the file input (which is in ASCII format) and got a result.Then I took the hex format of the file formed it as a hex array (eg int hash_hex_array[] = {0xaa, 0xbb..} and got different hash.
I understand it is do with the input formats but couldnt get enough clarity on how to deal with it. Kindly enlighten me.