Authenticating (matching) tokens from Java to C#

Question

I am trying to make my Java program generate a signature by using a message and a secret key. My C# program should generate the same token by using the same message and secret key.

However, something isn't working properly because the tokens that get generated are different.

Can someone spot out what the difference is between these two programs and why they aren't generating matching keys?

Java Code:

this.algorithm = "hmacSHA256";
private static Mac mac;
String message = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum id urn";
String secretKey = "5771CC06-B86D-41A6-AB39-9CA2BA338E27";

if( mac == null ) {
    mac = Mac.getInstance(algorithm);
    SecretKeySpec secret = new SecretKeySpec(secretKey.getBytes("US-ASCII"), 
        mac.getAlgorithm());
    mac.init(secret);
}
this.signature = new String(Base64.encodeBase64(mac.doFinal(message.getBytes("US-ASCII"))));

C# Code:

string message = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum id urn";
string secret = "5771CC06-B86D-41A6-AB39-9CA2BA338E27";

secret = secret ?? "";
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
using (var hmacsha256 = new System.Security.Cryptography.HMACSHA256(keyByte))
{
    byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
    return Convert.ToBase64String(hashmessage);
}

Answer 1

Your problem has nothing to do with encryption. I've slightly changed the code to make it run standalone in a main function and both return the same result:

rO7Ly1WIR+d4AGXaDvIOYH3vVm2NvyFwbr3E3rQaw4I=

My Java code is:

package com.test.so;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;

public class MessageHashTest {

    public static void main(String[] args) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException {
        String algorithm = "hmacSHA256";
        String message = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum id urn";
        String secretKey = "5771CC06-B86D-41A6-AB39-9CA2BA338E27";

        Mac mac = Mac.getInstance(algorithm);
        SecretKeySpec secret = new SecretKeySpec(secretKey.getBytes("US-ASCII"), 
        mac.getAlgorithm());
        mac.init(secret);
        String signature = new String(Base64.encodeBase64(mac.doFinal(message.getBytes("US-ASCII"))));
        System.out.println(signature);
    }
}

And my .NET code is:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

namespace MessageHashTest
{
    class Program
    {
        static void Main(string[] args)
        {
            string message = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum id urn";
            string secret = "5771CC06-B86D-41A6-AB39-9CA2BA338E27";

            var encoding = new System.Text.ASCIIEncoding();
            byte[] keyByte = encoding.GetBytes(secret);
            byte[] messageBytes = encoding.GetBytes(message);
            using (var hmacsha256 = new HMACSHA256(keyByte))
            {
                byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
                Console.WriteLine(Convert.ToBase64String(hashmessage));
            }
        }
    }
}

Possible problems in your code are:

• The reuse of the MAC instance in Java. I don't know if you can use if more than once. It might no longer be properly initialized for a new message.
• secret = secret ?? "": Why do you need that? Did you loose the secret somewhere? Are you creating the hash with the wrong secret?

Answer 2

I can see that you use HMACSHA256 hashing algorithm in C#. But what algotithm you using in Java?