Documentation

Message Authentication Codes

<crypt:mac id="mac" secretKey-ref="secretKey" algorithm="HmacSHA1" provider="BC"/>

<crypt:secretKey id="secretKey" keystore-ref="keystore" alias="hmac" password="changeit"/>
<crypt:keystore id="keystore" location="classpath:keystore.jceks" password="changeit" type="JCEKS"/>

For your reference, the JCEKS keystore above was created like this:

$ keytool -keystore keystore.jceks -genseckey -keyalg HmacSHA1 -keysize 2048 -alias hmac -storetype jceks -storepass changeit -keypass changeit

algorithm

HmacSHA1 is the default algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

Here is an example implementation.

import com.springcryptoutils.core.mac.Mac;

public class MyMacDigester {

    @Autowired
    // NB: this is a com.springcryptoutils.core.mac.Mac
    //     not a javax.security.Mac
    private Mac mac;

    public void myBusinessMethod() {
        byte[] message = "eat me!".getBytes();
        byte[] digest = mac.digest(message);
    }
}

You shouldn't allow your raw bytes to wander the internets unarmed. This is why we also provide a base64 encoded version for message authentication codes.

<crypt:b64Mac id="mac" secretKey-ref="secretKey" algorithm="HmacSHA1" provider="BC"/>

<crypt:secretKey id="secretKey" keystore-ref="keystore" alias="hmac" password="changeit"/>
<crypt:keystore id="keystore" location="classpath:keystore.jceks" password="changeit" type="JCEKS"/>

For your reference, the JCEKS keystore above was created like this:

$ keytool -keystore keystore.jceks -genseckey -keyalg HmacSHA1 -keysize 2048 -alias hmac -storetype jceks -storepass changeit -keypass changeit

algorithm

HmacSHA1 is the default algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

Here is an example implementation.

import com.springcryptoutils.core.mac.Base64EncodedMac;

public class MyMacDigester {

    @Autowired
    private Base64EncodedMac mac;

    public void myBusinessMethod() {
        String b64message = Base64.encode("eat me!");
        String b64digest = mac.digest(message);
    }
}