Sunday, September 8, 2013

SHA-256 in JAVA


Note: For mobile users, kindly switch to web version on your mobile.
Security is a very basic requirement which every developer has to keep in mind while designing or developing an application. I would like to take this opportunity to quote a line from the one of the book I read "Every system can be broken, given enough time and money. Let me say that again, every system can be broken". This very quote itself inspired me to blog a series of tutorials regarding security, cryptography and what else is the best place to start other than SHA-256. In the near future I will try to blog more tutorials on digital signatures, how to verify digital signatures, digital certificates based authentication, Keys .....
SHA-2
For a given input SHA-256 will generate a hash value through which the input can be validated and guaranteed that its contents are not tampered. Sender can generate a hash value and share it with the receiver through which receiver can validate the file. If the contents of the file is changed the hash value will also change.(This is what we basically see on many download sites). Below is an example using Message Digest.

SHA256Example.java
package itsvenkis.blogspot.in;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SHA256Example {

 public static void main(String args[]) {
  FileInputStream fis = null;
  try {
   File file = new File("files.txt");
   if (!file.exists() || file.length() == 0) {
    throw new RuntimeException("Bad input................");
   }
   fis = new FileInputStream(file);
   byte[] fileBytes = new byte[(int) file.length()];
   MessageDigest md = MessageDigest.getInstance("sha-256");
   int length;
   while ((length = fis.read(fileBytes)) != -1) {
    md.update(fileBytes, 0, length);
   }
   byte[] raw = md.digest();
   StringBuilder sb = new StringBuilder();
   for (int i = 0; i < raw.length; i++) {
    byteToHex(raw[i],sb);
   }
   System.out.println("hash value in HEX " + sb.toString());
  } catch (NoSuchAlgorithmException | IOException e) {
   e.printStackTrace();
  } finally {
   if (fis != null) {
    try {
     fis.close();
    } catch (IOException e) {
     e.printStackTrace();
    }
   }
  }
 }

 private static StringBuilder byteToHex(byte b, StringBuilder sb) {
  String hexVal = Integer.toHexString((b & 0xff));
  if (hexVal.length() == 1) {
   return sb.append("0").append(hexVal);
  }
  return sb.append(hexVal);
 }

}

files.txt
itsvenkis blogspot

Output:
cc439a348e5f91e483c9c6c3620ec5b38ee18ce78ff82ccce07aba4493519f70
Dear Readers, kindly like the page on facebook or follow me on Google+.

2 comments:

  1. loosk that in your sample the digest is SHA-1 and not MD-5.

    MD-5 is recognize as no more secure, and as using java it is trivial, you can change to SHA-256

    ReplyDelete
    Replies
    1. Thanks for pointing it out. I will update the post

      Delete