How to calculate the message digest in Java

December 10, 2016 Leave a comment

A message digest is an important concept in cryptography. A digest is an array of bytes created by a hashing formula. It is used to make sure that some digital information has not been tampered with. In a sense it is a footprint of an object, such as a file. If someone modifies the file then the footprint also changes. Then we know that the file has been changed. Another word for a message digest is checksum. There are various hashing algorithms to perform the calculation. SHA-256 and MD5 are the most common ones.

For an example you can check out the Apacha log4j2 download page here. You’ll see a column called “checksum” for various files. If you click on one of those you’ll see the MD5 hash of the file in a relatively human readable form, such as “31826c19fff94790957d798cb1caf29a”.

Java and other popular programming languages have built-in classes to construct a message digest. Let’s see an example from Java.

Say we have a file called data.txt in the C:\Tmp folder. Data.txt contains a single line “Hello world”. The following code snippet will build the message digest of the file:

try
{
    FileInputStream inputStream = new FileInputStream(new File("c:\\Tmp\\data.txt"));
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    try (DigestInputStream digestInputStream = new DigestInputStream(inputStream, sha256))
    {
        while (digestInputStream.read() != -1)
        {
            //do nothing, let the digest stream go through the file input stream
        }
    }
    byte[] checksum = sha256.digest();

    System.out.println(DatatypeConverter.printBase64Binary(checksum));
    System.out.println(DatatypeConverter.printHexBinary(checksum));

}
catch (NoSuchAlgorithmException | IOException exception)
{
    System.err.println(exception.getMessage());
}

We ask the SHA-256 hashing algorithm to hash the file using DigestInputStream. We let the digest input stream read in the byte content of the file. We finally print the digest in two different forms: a base 64 and a hexadecimal string. My data.txt file gives the following checksums:

ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuyjfzw=
64EC88CA00B268E5BA1A35678A1B5316D212F4F366B2477232534A8AECA37F3C

We can also look at the MD5 checksum like on the references Apache download page. Just replace the “SHA-256” string with “MD5”. The same sample file yields the following values:

PiWWCnnbxptnTNTsZ6csYg==
3E25960A79DBC69B674CD4EC67A72C62

View all posts related to Java here.

Advertisement

Filed under Java, Security Tagged with ,

About Andras Nemes
I'm a .NET/Java developer living and working in Stockholm, Sweden.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

Bite-size insight on Cyber Security for the not too technical.

%d bloggers like this: