<crypt:mac id="mac" secretKey-ref="secretKey" algorithm="HmacSHA1" provider="BC"/>
<crypt:secretKey id="secretKey" keystore-ref="keystore" alias="hmac" password="changeit"/>
<crypt:keystore id="keystore" location="classpath:keystore.jceks" password="changeit" type="JCEKS"/>
For your reference, the JCEKS keystore above was created like this:
$ keytool -keystore keystore.jceks -genseckey -keyalg HmacSHA1 -keysize 2048 -alias hmac -storetype jceks -storepass changeit -keypass changeit
HmacSHA1 is the default algorithm and can be omitted.
The provider attribute is optional.
Here is an example implementation.
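import org.springframework.beans.factory.annotation.Autowired;
import com.springcryptoutils.core.mac.Mac;
import java.nio.charset.StandardCharsets;

public class MyMacDigester {

    @Autowired
    // NB: this is a com.springcryptoutils.core.mac.Mac,
    // not a javax.crypto.Mac
    private Mac mac;

    public void myBusinessMethod() {
        // Fix the charset so sender and receiver MAC the same bytes
        byte[] message = "eat me!".getBytes(StandardCharsets.UTF_8);
        byte[] digest = mac.digest(message);
    }

}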
You shouldn't allow your raw bytes to wander the internets unarmed. This is why we also provide a base64 encoded version for message authentication codes.
<crypt:b64Mac id="mac" secretKey-ref="secretKey" algorithm="HmacSHA1" provider="BC"/>
<crypt:secretKey id="secretKey" keystore-ref="keystore" alias="hmac" password="changeit"/>
<crypt:keystore id="keystore" location="classpath:keystore.jceks" password="changeit" type="JCEKS"/>
For your reference, the JCEKS keystore above was created like this:
$ keytool -keystore keystore.jceks -genseckey -keyalg HmacSHA1 -keysize 2048 -alias hmac -storetype jceks -storepass changeit -keypass changeit
HmacSHA1 is the default algorithm and can be omitted.
The provider attribute is optional.
Here is an example implementation.
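import org.springframework.beans.factory.annotation.Autowired;
import com.springcryptoutils.core.mac.Base64EncodedMac;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class MyMacDigester {

    @Autowired
    private Base64EncodedMac mac;

    public void myBusinessMethod() {
        // java.util.Base64 stands in here for the unspecified Base64 helper
        String b64message = Base64.getEncoder()
                .encodeToString("eat me!".getBytes(StandardCharsets.UTF_8));
        // Pass the Base64 message; the digest comes back Base64-encoded
        String b64digest = mac.digest(b64message);
    }

}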
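The snippets above only produce a MAC; the receiving side has to recompute it and compare. The following is an added example, not code from this page or from springcryptoutils: it uses the plain JCA classes (javax.crypto.Mac, java.util.Base64, MessageDigest.isEqual), and the class name MacVerifierExample, the verify helper and the generated key are assumptions made for illustration.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical class name; illustrates verification of a Base64-encoded HMAC tag.
public class MacVerifierExample {

    // Recompute the HMAC over the received message and compare it with the
    // received Base64 tag. Returns false for a malformed or mismatching tag.
    static boolean verify(SecretKey key, byte[] message, String b64Tag)
            throws GeneralSecurityException {
        byte[] received;
        try {
            received = Base64.getDecoder().decode(b64Tag);
        } catch (IllegalArgumentException malformed) {
            return false; // not valid Base64: reject outright
        }
        Mac mac = Mac.getInstance("HmacSHA1"); // same algorithm as the config above
        mac.init(key);
        byte[] expected = mac.doFinal(message);
        // MessageDigest.isEqual compares in constant time; an early-exit
        // comparison can leak how many leading bytes matched.
        return MessageDigest.isEqual(expected, received);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key; in the setup above it would come from the JCEKS keystore.
        SecretKey key = KeyGenerator.getInstance("HmacSHA1").generateKey();
        byte[] message = "eat me!".getBytes(StandardCharsets.UTF_8);

        // Sender side: compute the tag and Base64-encode it for transport.
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(key);
        String b64Tag = Base64.getEncoder().encodeToString(mac.doFinal(message));

        // Receiver side: genuine message, altered message, and a garbled tag.
        byte[] tampered = "eat me?".getBytes(StandardCharsets.UTF_8);
        System.out.println("genuine:   " + verify(key, message, b64Tag));
        System.out.println("tampered:  " + verify(key, tampered, b64Tag));
        System.out.println("malformed: " + verify(key, message, "%%not-base64%%"));
    }
}
```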