121

By looking around here as well as the internet in general, I have found Bouncy Castle. I want to use Bouncy Castle (or some other freely available utility) to generate a SHA-256 Hash of a String in Java. Looking at their documentation I can't seem to find any good examples of what I want to do. Can anybody here help me out?

Improve this question
1

9 Answers 9

Reset to default
282

To hash a string, use the built-in MessageDigest class:

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.nio.charset.StandardCharsets;
import java.math.BigInteger;

public class CryptoHash {
  public static void main(String[] args) throws NoSuchAlgorithmException {
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    String text = "Text to hash, cryptographically.";

    // Change this to UTF-16 if needed
    md.update(text.getBytes(StandardCharsets.UTF_8));
    byte[] digest = md.digest();

    String hex = String.format("%064x", new BigInteger(1, digest));
    System.out.println(hex);
  }
}

In the snippet above, digest contains the hashed string and hex contains a hexadecimal ASCII string with left zero padding.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

@Harry Pham, the hash should always be the same, but without more information it would be hard to say why you are getting different ones. You should probably open a new question.
@Harry Pham: After calling digest the internal state is reset; so when you call it again without updating before, you get the hash of the empty string.
@BrendanLong Now, How to retrieval digest to String again?
@Sajjad Use your favorite base64 encoding function. I like the one in Apache Commons personally.
@Adam No, this is misleading. Calling ´toString´ on a byte array is producing a different result than converting the content of the byte array to String, Brendan Longs answer is more appropriate
|
31

This is already implemented in the runtime libs.

public static String calc(InputStream is) {
    String output;
    int read;
    byte[] buffer = new byte[8192];

    try {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        while ((read = is.read(buffer)) > 0) {
            digest.update(buffer, 0, read);
        }
        byte[] hash = digest.digest();
        BigInteger bigInt = new BigInteger(1, hash);
        output = bigInt.toString(16);
        while ( output.length() < 32 ) {
            output = "0"+output;
        }
    } 
    catch (Exception e) {
        e.printStackTrace(System.err);
        return null;
    }

    return output;
}

In a JEE6+ environment one could also use JAXB DataTypeConverter:

import javax.xml.bind.DatatypeConverter;

String hash = DatatypeConverter.printHexBinary( 
           MessageDigest.getInstance("MD5").digest("SOMESTRING".getBytes("UTF-8")));
Improve this answer

5 Comments

this version has a bug (at least as of today and with java8@win7). try to hash '1234'. the result must start with '03ac67...' but it actually starts with '3ac67...'
@Chris thanks, I fixed this here, but I found a better solution my favorite on this is currently: stackoverflow.com/questions/415953/…
For new readers of this old thread: The favorite (MD5-hash) referred to by @stacker is now considered insecure (en.wikipedia.org/wiki/MD5).
The condition should be output.length() < 64, not 32.
How we can compare two different hashed value created using same salt? Assume, one come from form login (need to hashed using Salt before compare) and another comes from db and then how we can compare these two?
16

You don't necessarily need the BouncyCastle library. The following code shows how to do so using the Integer.toHexString function

public static String sha256(String base) {
    try{
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(base.getBytes("UTF-8"));
        StringBuffer hexString = new StringBuffer();

        for (int i = 0; i < hash.length; i++) {
            String hex = Integer.toHexString(0xff & hash[i]);
            if(hex.length() == 1) hexString.append('0');
            hexString.append(hex);
        }

        return hexString.toString();
    } catch(Exception ex){
       throw new RuntimeException(ex);
    }
}

Special thanks to user1452273 from this post: How to hash some string with sha256 in Java?

Keep up the good work !

Improve this answer

Comments

9

When using hashcodes with any jce provider you first try to get an instance of the algorithm, then update it with the data you want to be hashed and when you are finished you call digest to get the hash value. 

MessageDigest sha = MessageDigest.getInstance("SHA-256");
sha.update(in.getBytes());
byte[] digest = sha.digest();

you can use the digest to get a base64 or hex encoded version according to your needs

Improve this answer

4 Comments

Out of curiosity, can you go straight to digest() with the input byte array, skipping update()?
One thing I noticed is that this works with "SHA-256" whereas "SHA256" throws a NoSuchAlgorithmException. No biggie.
As per my comment to Brandon, do not use String.getBytes() without specifying an encoding. Currently this code can give different results on different platforms - which is broken behaviour for a well-defined hash.
@ladenedge yes - if your string is short enought @KPthunder your right @Jon Skeet depends on the content of the string - but yes add an encoding string getBytes to be on the save side
7

Java 8: Base64 available:

    MessageDigest md = MessageDigest.getInstance( "SHA-512" );
    md.update( inbytes );
    byte[] aMessageDigest = md.digest();

    String outEncoded = Base64.getEncoder().encodeToString( aMessageDigest );
    return( outEncoded );
Improve this answer

Comments

5

I suppose you are using a relatively old Java Version without SHA-256. So you must add the BouncyCastle Provider to the already provided 'Security Providers' in your java version.

    // NEEDED if you are using a Java version without SHA-256    
    Security.addProvider(new BouncyCastleProvider());

    // then go as usual 
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    String text = "my string...";
    md.update(text.getBytes("UTF-8")); // or UTF-16 if needed
    byte[] digest = md.digest();
Improve this answer

1 Comment

+1 for mentioning BouncyCastle, which adds quite a few new MessageDigests compared to the relatively paltry selection available in the JDK.
0 
return new String(Hex.encode(digest));
Improve this answer

1 Comment

Without package/provider info the "Hex" class is not very helpful. And if that is Hex from Apache Commons Codec I would use return Hex.encodeHexString(digest) instead.
0

Using Java 8

MessageDigest digest = null;
try {
    digest = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}
byte[] hash = digest.digest(text.getBytes(StandardCharsets.UTF_8));
String encoded = DatatypeConverter.printHexBinary(hash);        
System.out.println(encoded.toLowerCase());
Improve this answer

Comments

-1

This will work with "org.bouncycastle.util.encoders.Hex" following package 

return new String(Hex.encode(digest));

Its in bouncycastle jar.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.