<crypt:mac id="mac" secretKey-ref="secretKey" algorithm="HmacSHA1" provider="BC"/>
<crypt:secretKey id="secretKey" keystore-ref="keystore" alias="hmac" password="changeit"/>
<crypt:keystore id="keystore" location="classpath:keystore.jceks" password="changeit" type="JCEKS"/>
For your reference, the JCEKS keystore above was created like this:
$ keytool -keystore keystore.jceks -genseckey -keyalg HmacSHA1 -keysize 2048 -alias hmac -storetype jceks -storepass changeit -keypass changeit
HmacSHA1 is the default algorithm and can be omitted.
The provider attribute is optional.
Here is an example implementation.
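import java.nio.charset.StandardCharsets;
import org.springframework.beans.factory.annotation.Autowired;
import com.springcryptoutils.core.mac.Mac;

public class MyMacDigester {

    // NB: this is a com.springcryptoutils.core.mac.Mac,
    // not a javax.crypto.Mac
    @Autowired
    private Mac mac;

    public void myBusinessMethod() {
        // Fix the charset so the MAC does not depend on the platform default
        byte[] message = "eat me!".getBytes(StandardCharsets.UTF_8);
        byte[] digest = mac.digest(message);
    }
}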
You shouldn't allow your raw bytes to wander the internets unarmed. This is why we also provide a Base64-encoded version for message authentication codes.
<crypt:b64Mac id="mac" secretKey-ref="secretKey" algorithm="HmacSHA1" provider="BC"/>
<crypt:secretKey id="secretKey" keystore-ref="keystore" alias="hmac" password="changeit"/>
<crypt:keystore id="keystore" location="classpath:keystore.jceks" password="changeit" type="JCEKS"/>
For your reference, the JCEKS keystore above was created like this:
$ keytool -keystore keystore.jceks -genseckey -keyalg HmacSHA1 -keysize 2048 -alias hmac -storetype jceks -storepass changeit -keypass changeit
HmacSHA1 is the default algorithm and can be omitted.
The provider attribute is optional.
Here is an example implementation.
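import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import com.springcryptoutils.core.mac.Base64EncodedMac;

public class MyMacDigester {
    @Autowired
    private Base64EncodedMac mac;

    public void myBusinessMethod() {
        // Base64-encode the message with the JDK encoder (java.util.Base64)
        String b64message = Base64.getEncoder().encodeToString("eat me!".getBytes(StandardCharsets.UTF_8));
        String b64digest = mac.digest(b64message);
    }
}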
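The receiving side of a MAC, as an added example that is not part of the original page or the library's own code: it recomputes the tag and compares it in constant time. It uses only the plain JCA (javax.crypto.Mac) and assumes the beans above compute a standard HmacSHA1 over the message bytes; the class name MacVerifyExample and the in-memory keystore standing in for keystore.jceks are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

public class MacVerifyExample {

    // Compute HmacSHA1 with the plain JCA Mac (javax.crypto.Mac).
    static byte[] hmac(SecretKey key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(key);
        return mac.doFinal(message);
    }

    // Receiver side: recompute the tag and compare in constant time.
    static boolean verify(SecretKey key, byte[] message, String b64Tag) throws Exception {
        byte[] received;
        try {
            received = Base64.getDecoder().decode(b64Tag);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 is treated as a failed check
        }
        // MessageDigest.isEqual does not return early on the first differing byte
        return MessageDigest.isEqual(hmac(key, message), received);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // sample password from the page
        // Constructed in-memory stand-in for keystore.jceks with alias "hmac".
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, password);
        ks.setEntry("hmac",
                new KeyStore.SecretKeyEntry(KeyGenerator.getInstance("HmacSHA1").generateKey()),
                new KeyStore.PasswordProtection(password));
        SecretKey key = (SecretKey) ks.getKey("hmac", password);

        byte[] message = "eat me!".getBytes(StandardCharsets.UTF_8);
        String b64Tag = Base64.getEncoder().encodeToString(hmac(key, message));

        System.out.println("genuine:  " + verify(key, message, b64Tag));
        byte[] tampered = "eat me?".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered: " + verify(key, tampered, b64Tag));
    }
}
```

Comparing tags with String.equals or Arrays.equals can leak, through timing, how many leading bytes matched, which is why the check goes through MessageDigest.isEqual.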