public class HMACConfidentialKey extends ConfidentialKey
ConfidentialKey
that's used for creating a token by hashing some information with secret
(such as hash(msg|secret)
).
This provides more secure version of it by using HMAC. See http://rdist.root.org/2009/10/29/stop-using-unsafe-keyed-hashes-use-hmac/ for background. This implementation also never leaks the secret value to outside, so it makes it impossible for the careless caller to misuse the key (thus protecting ourselves from our own stupidity!)
Constructor and Description |
---|
HMACConfidentialKey(Class owner,
String shortName) |
HMACConfidentialKey(Class owner,
String shortName,
int length)
Calls into
HMACConfidentialKey(String, int) by combining the class name and the shortName
as the ID. |
HMACConfidentialKey(String id)
Calls into
HMACConfidentialKey(String, int) with the longest possible HMAC length. |
HMACConfidentialKey(String id,
int length) |
Modifier and Type | Method and Description |
---|---|
boolean |
checkMac(byte[] message,
byte[] mac)
Convenience method for verifying the MAC code.
|
boolean |
checkMac(String message,
String mac)
Verifies MAC constructed from
mac(String) |
Mac |
createMac()
Creates a new
Mac object. |
byte[] |
mac(byte[] message)
Computes the message authentication code for the specified byte sequence.
|
String |
mac(String message)
Computes the message authentication code and return it as a string.
|
getId, load, store
public HMACConfidentialKey(String id, int length)
length
- Byte length of the HMAC code.
By default we use HMAC-SHA256, which produces 256bit (=32bytes) HMAC,
but if different use cases requires a shorter HMAC, specify the desired length here.
Note that when using mac(String)
, string encoding causes the length to double.
So if you want to get 16-letter HMAC, you specify 8 here.public HMACConfidentialKey(String id)
HMACConfidentialKey(String, int)
with the longest possible HMAC length.public HMACConfidentialKey(Class owner, String shortName, int length)
HMACConfidentialKey(String, int)
by combining the class name and the shortName
as the ID.public byte[] mac(byte[] message)
public boolean checkMac(byte[] message, byte[] mac)
public String mac(String message)
public boolean checkMac(String message, String mac)
mac(String)
Copyright © 2004–2021. All rights reserved.