问题描述
||
去年,我在C#中编写了一次性密码(OTP)生成器。现在,我需要在Java中使用OTP生成器,但是在Java中找不到等效的函数。
这是我去年编写的代码:(我知道此OTP的安全性很低,但我不需要防弹的代码)
SHA1CryptoServiceProvider hash = new SHA1CryptoServiceProvider(); //first hash with sha1
byte[] hashPass = hash.ComputeHash(Encoding.ASCII.GetBytes(pass)); //pass is entered by user
HMACMD5 hma = new HMACMD5(hashPass); // use the hashed value as a key to hmac
OTPass = hma.ComputeHash(Encoding.ASCII.GetBytes(email + Counter(email)));// generate OTPass,Counter(email) is the counter of the user taken from database
increaseCounter(email); // updating the counter
this.SetLog(this.GetLog() + Environment.NewLine + \"OTPass Generated: \" + BitConverter.ToString(OTPass)); // OTP
import java.io.*;
import java.security.*;
public class otp {
/**
* @param args
* @throws IOException
*/
public static void main(String[] args) throws IOException {
System.out.println(\"Please enter your username:\");
BufferedReader br = new BufferedReader(new InputStreamReader(system.in));
String username = br.readLine();
System.out.println(\"Please enter your password:\");
String password = br.readLine();
try {
MessageDigest md = MessageDigest.getInstance(\"SHA1\");
String input = password;
md.update(input.getBytes());
byte[] output = md.digest();
System.out.println();
System.out.println(\"SHA1(\\\"\"+input+\"\\\") =\");
System.out.println(\" \"+bytesToHex(output));
} catch (Exception e) {
System.out.println(\"Exception: \"+e);
}
}
public static String bytesToHex(byte[] b) {
char hexDigit[] = {\'0\',\'1\',\'2\',\'3\',\'4\',\'5\',\'6\',\'7\',\'8\',\'9\',\'A\',\'B\',\'C\',\'D\',\'E\',\'F\'};
StringBuffer buf = new StringBuffer();
for (int j=0; j<b.length; j++) {
buf.append(hexDigit[(b[j] >> 4) & 0x0f]);
buf.append(hexDigit[b[j] & 0x0f]);
}
return buf.toString();
}
}
解决方法
我一直用BouncyCastle
您可以查看以下几页:
弹力城堡HMac
BouncyCastle规格
还是坚持使用Java 6:
Mac hmacMd5 = Mac.getInstance(\"HMACMD5\");