CODEWITHSUNDEEP
javamd5
eric
eric

Reputation: 2759

MessageDigest MD5 Algorithm not returning what I expect

Something in the back of my head is telling me I'm missing something obvious here.

I'm integrating an existing java project with a third-party api that uses an md5 hash of an api key for authentication. It's not working for me, and during debugging I realized that the hashes I'm generating don't match the examples that they've supplied. I've found some websites that create MD5 hashes from strings to check their examples, and as far as I can tell I'm wrong and they're right.

for example, according to this website, the string "hello" generates a hash of "5d41402abc4b2a76b9719d911017c592". (FWIW I don't know anything about this website except that it seems to correctly hash the examples that I have). When I run it through my code I get:

XUFAKrxLKna5cZ2REBfFkg==

Here is the simple method I'm using to generate the md5 hash/string.:

private String md5(String md5Me) throws Exception {
    MessageDigest md = MessageDigest.getInstance("MD5");
    md.reset();
    md.update(md5Me.getBytes("UTF-8"));

    return Base64.encodeBase64String(md.digest());
}

I used a very similar method to successfully authenticate a different API using the SHA1 algorithm last week. I'm wondering if the problem is related to the org.apache.commons.net.util.Base64.encodeBase64String... Any help is greatly appreciated, if only some tests to see if the byteArray is correct but the converted string is wrong.

Upvotes: 9

Views: 7726

Answers (2)

ruakh
ruakh

Reputation: 183201

for example, according to this website, the string "hello" generates a hash of "5d41402abc4b2a76b9719d911017c592". (FWIW I don't know anything about this website except that it seems to correctly hash the examples that I have). When I run it through my code I get:

XUFAKrxLKna5cZ2REBfFkg==

Both are correct ways of representing the same sixteen-byte hash. 5d41402abc4b2a76b9719d911017c592 represents each byte of the hash as two hexadecimal digits, whereas XUFAKrxLKna5cZ2REBfFkg== uses Base-64 to represent every three bytes of the hash as four characters.

To generate the hexadecimal-version that this third-party API is expecting, you can change this:

Base64.encodeBase64String(md.digest());

to this:

String.format("%032x", new BigInteger(1, md.digest()));

(mostly taken from this StackOverflow answer).

However, you might want to consider using an external library for this. Perception, in a comment above, mentions Apache Commons DigestUtils. If you use that, you'll want the md5hex method.

Upvotes: 9

Thorn
Thorn

Reputation: 4057

The md5 Hash algorithm is part of the core java API so there is no need for any external libraries. Here is the method I used to encrypt a password with MD5.

import java.security.MessageDigest;

/**
 * Use to encrypt passwords using MD5 algorithm
 * @param password should be a plain text password.
 * @return a hex String that results from encrypting the given password.
 */
public static String encryptPassword(String password) {
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(password.getBytes());

        byte byteData[] = md.digest();

        StringBuffer hexString = new StringBuffer();
        for (int i=0;i<byteData.length;i++) {
            String hex=Integer.toHexString(0xff & byteData[i]);
            if(hex.length()==1) hexString.append('0');
            hexString.append(hex);
        }
        return hexString.toString();
    }
    catch(java.security.NoSuchAlgorithmException missing) {
        return "Error.";
    }
}

Upvotes: 3

Related Questions