SHA1 File Digest

I am working on an application in Air (Ajax-HTML) that
downloads files from our webserver. Once the file is downloaded,
the app needs to make sure that the file is not corrupted. In
similar (non-Air) aplications, I've computed SHA1 file digests on
the downloaded files and then compared them to the correct value. I
am having trouble doing this in Air.
I found a javascript library that computes the SHA1 value,
but when I pass it one of my downloaded files (in a byte array), it
never returns the hash value (ok, not never - I have let it run for
15 minutes with no result). I don't get an error - just no result.
I found an actionscript implementation that I thought might
be worth a shot, but I do not know how to incoporate it into my
application. The file that I have is an mxp file (whatever that
is). I found it on the Adobe site at:
http://www.adobe.com/cfusion/exchange/index.cfm?event=extensionDetail&extid=1016041
Can anyone help?
thanks,
Doug

Have you tried these algorithms with a tiny file, say, 1 KB?
If you're starting out with something a few GB, maybe it's just not
crunching through it fast enough for your purposes. If that works,
work your way up to your actual file size by steps to see if either
it's either a data rate problem or some size threshold issue.
EDIT: ActionScript/Flex can be deceptively fast when you use
it for what it was designed to do, being a scripting language to
drive the Flash player, which has a lot of highly-optimized native
code in it. Used this way, the majority of your CPU time can be
spent executing native code instead of interpreting AS code.
EDIT: For pure number crunching, you're spending 100% of your
time in AS code, which could easily be 10 or more times slower than
native, apples-to-apples. An AS-optimized library should be able to
avoid the worst problem that affects JS code of this sort, the lack
of true integers. (The Number type is a float!) I'd try that SHA256
routine, though, as they may be delegating to native code in the
Flash player. It's a better algorithm anyway. SHA-1 has a few known
weaknesses; not as bad as MD5, but not bulletproof, either.

Similar Messages

Java.lang.SecurityException: invalid SHA1 signature file digest for com/cry

While running AVK I've got following error reported on 3d party code we are using. Is there anything that I can do to resolve this issue?
Thank you in advance,
Irena
     Error Name : com.sun.enterprise.tools.verifier.tests.web.WebArchiveClassesLoadable
     Error Description : java.lang.SecurityException: invalid SHA1 signature file digest for com/crystaldecisions/MetafileRenderer/DeviceContext$GDIState.class
     at sun.security.util.SignatureFileVerifier.verifySection(SignatureFileVerifier.java:390)
     at sun.security.util.SignatureFileVerifier.process0(SignatureFileVerifier.java:241)
     at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:191)
     at java.util.jar.JarVerifier.processEntry(JarVerifier.java:235)
     at java.util.jar.JarVerifier.update(JarVerifier.java:190)
     at java.util.jar.JarFile.initializeVerifier(JarFile.java:304)
     at java.util.jar.JarFile.getInputStream(JarFile.java:366)
     at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:119)
     at java.net.URL.openStream(URL.java:913)
     at java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:997)
     at com.sun.enterprise.tools.verifier.apiscan.classfile.BCELClassFileLoader.load(BCELClassFileLoader.java:69)
     at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:170)
     at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:176)
     at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:176)
     at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:176)
     at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:133)
     at com.sun.enterprise.tools.verifier.tests.web.WebArchiveClassesLoadable.check(WebArchiveClassesLoadable.java:53)
     at com.sun.enterprise.tools.verifier.tests.web.WebTest.check(WebTest.java:46)
     at com.sun.enterprise.tools.verifier.CheckMgr.check(CheckMgr.java:76)
     at com.sun.enterprise.tools.verifier.web.WebCheckMgrImpl.check(WebCheckMgrImpl.java:32)
     at com.sun.enterprise.tools.verifier.BaseVerifier.verify(BaseVerifier.java:86)
     at com.sun.enterprise.tools.verifier.web.WebVerifier.verify(WebVerifier.java:43)
     at com.sun.enterprise.tools.verifier.VerificationHandler.runVerifier(VerificationHandler.java:136)
     at com.sun.enterprise.tools.verifier.VerificationHandler.verifyArchive(VerificationHandler.java:82)
     at com.sun.enterprise.tools.verifier.Verifier.verify(Verifier.java:75)
     at com.sun.enterprise.tools.verifier.Verifier.main(Verifier.java:53)

could you solve the problem? while I'm connecting to sql server , I get the same error. in fact, i can connect to server through eclipse ide but when i export my application into a jar and try connecting to server through the jar, this problem occurs.
I thought, you can give me a idea. I don't know where I should start. please, help me..
Exception in thread "main" java.lang.SecurityException: invalid SHA1 signature f
ile digest for com/microsoft/sqlserver/jdbc/SQLServerException.class
at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
at sun.security.util.SignatureFileVerifier.process(Unknown Source)
at java.util.jar.JarVerifier.processEntry(Unknown Source)
at java.util.jar.JarVerifier.update(Unknown Source)
at java.util.jar.JarFile.initializeVerifier(Unknown Source)
at java.util.jar.JarFile.getInputStream(Unknown Source)
at sun.misc.URLClassPath$JarLoader$2.getInputStream(Unknown Source)
at sun.misc.Resource.cachedInputStream(Unknown Source)
at sun.misc.Resource.getByteBuffer(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$000(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)

SHA1 hex digest

Hello!
I have some questions about MessageDigest class.
In specification I have SHA1 hexdigest string build from some params but, only what i have is a classic digest string. Is there any way to retrieve full hexdigest string from MessageDigest class, for know I test something like this (try/catch removed ;)
MessageDigest digest = MessageDigest.getInstance("SHA1");
String toDigest = "BLAHBLAH;"+"FOOBAR";
String asdf = new String(
digest.digest(
toDigest.getBytes()
in asdf is digest string how to convert it do hexdigest?

maybe i will show little egzample in perl:#!/usr/bin/perl
use Digest::SHA1 qw(sha1 sha1_hex sha1_base64);
print (sha1("asdf:fdsa")."\n");
print (sha1_hex("asdf:fdsa")."\n");
print (sha1_base64("asdf:fdsa")."\n");
and output is like this:
hbiÆÒŸ?P¦<wõ—˜MP�p
0d68626901c6d29f3f50a63c77f597984d50dd70
DWhiaQHG0p8/UKY8d/WXmE1Q3XA
in this spec that i have sha1_hex is used how to gain this output. with example above i have allmost good ouput 'allmost' ;) because there are no leading 0 and some bytes are represented as ffffffd2, those 0 i can paste ;) by hand , but what about those ff's ? even f2 is followed by it but ok, i know what is going on maybe i will write 2hex myself ;)

Sha1 hash function (Message Digest)

I am trying to create a program that lists the current java programs in a directory that is run through command line arguments, ( which works) however once i have populated all the java files i need to then turn the file names into sha1 message digests for the next step. I have the relevant code for this to work but i can not get it to compile is there something i have done wrong? or put the code in the wrong place?? here is my code feel free to amend it.
Thanks Mich
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.io.File;
import java.io.FilenameFilter;
import java.util.Scanner;
public class ListDirectories implements FilenameFilter {
static Scanner sc = new Scanner(System.in);
public static void main (String [] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {
String path = args [0];
ListDirectories ff = new ListDirectories();
ff.process(path);
public void process(String dir) {
String objects[] = (new File(dir)).list(this);
for (int i = 0; i < objects.length; i++) {
System.out.println("TRACE:"+objects);
public boolean accept(File dir, String s) {
if (s.endsWith(".java")) {
return true;
return false;
//public void MessageDigest(){
MessageDigest md = MessageDigest.getInstance("SHA");
try {
md.update(objects);
MessageDigest objects = md.clone();
byte[] objectsDigest = objects.digest();
md.update(objects);
} catch (CloneNotSupportedException cnse) {
throw new DigestException("couldn't make digest of partial content");

import java.io.UnsupportedEncodingException;
import java.security.DigestException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.io.File;
import java.io.FilenameFilter;
import java.util.Scanner;
public class ListDirectories implements FilenameFilter {
     static Scanner sc = new Scanner(System.in);
     public static void main (String [] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {
          String path = args [0];
          ListDirectories ff = new ListDirectories();
          ff.process(path);
     public void process(String dir) {
          String objects[] = (new File(dir)).list(this);
          for (int i = 0; i < objects.length; i++) {
               System.out.println("TRACE:"+objects);
     public boolean accept(File dir, String s) {
          if (s.endsWith(".java")) {
               return true;
          return false;
     public void MessageDigest(){
          MessageDigest md = MessageDigest.getInstance("SHA");
          try {
               MessageDigest objects = md.clone();
               md.update(objects);
               byte[] objectsDigest = objects.digest();
               md.update(objects);
          } catch (CloneNotSupportedException cnse) {
               throw new DigestException("couldn't make digest of partial content");
}this where the error occur
MessageDigest objects = md.clone();
md.update(objects);
byte[] objectsDigest = objects.digest();
md.update(objects);
The method update(byte) in the type MessageDigest is not applicable for the argumentsListDirectories.java     line 42     1187874400500     26683
The method update(byte) in the type MessageDigest is not applicable for the arguments ListDirectories.java     line 44     1187874400500     26684
Type mismatch: cannot convert from Object to MessageDigest     Test2     ListDirectories.java     line 41     1187874400500     26682

Help: Running iTunes U perl script: Can't locate Digest/SHA.pm

We are using IIS 6.0 on Windows Server 2003.
We have installed v5.008008 of Active Perl.
We changed the sample iTunesU.pl script with our school data
When we run the script from the command prompt we get the following error:
Can't locate Digest/SHA.pm in @INC (@INC contains: E:/Perl/site/lib E:/Perl/lib
.) at E:\Webapps\ajula\CGI\ITunesU.pl line 87.
BEGIN failed--compilation aborted at E:\Webapps\ajula\CGI\ITunesU.pl line 87.
How can fix this problem
Thanks
Moshe AJULA.EDU

I followed the instructions in the sample files.
On the server I ran perl -MCPAN -e shell
It showed errors and problem for when installing Digest::SHA and Crypt::SSLeay
Here is a copy of the restults.
Can you help me figuring out what is wrong?
Thanks
-------------------------- Resutls of install --------------------
In the cpan> prompt
cpan shell -- CPAN exploration and modules installation (v1.9102)
ReadLine support enabled
cpan> install URI::Escape
CPAN: Storable loaded ok (v2.16)
Going to read E:\Perl\cpan\Metadata
Database was generated on Mon, 26 Nov 2007 10:36:39 GMT
URI::Escape is up to date (3.28).
cpan> install Digest::SHA
Running install for module 'Digest::SHA'
Running make for M/MS/MSHELOR/Digest-SHA-5.45.tar.gz
CPAN: checksum security checks disabled because Digest::SHA not installed.
Please consider installing the Digest::SHA module.
CPAN: Time::HiRes loaded ok (v1.9707)
Scanning cache E:\Perl/cpan/build for sizes
............................................................................DONE
CPAN: Compress::Zlib loaded ok (v1.4201)
CPAN: Archive::Tar loaded ok (v1.3201)
Digest-SHA-5.45/
Digest-SHA-5.45/README
Digest-SHA-5.45/src/
Digest-SHA-5.45/src/hmac.h
Digest-SHA-5.45/src/hmacxtra.c
Digest-SHA-5.45/src/sha.h
Digest-SHA-5.45/src/shaxtra.c
Digest-SHA-5.45/src/sha64bit.h
Digest-SHA-5.45/src/sha64bit.c
Digest-SHA-5.45/src/hmac.c
Digest-SHA-5.45/src/sha.c
Digest-SHA-5.45/Makefile.PL
Digest-SHA-5.45/examples/
Digest-SHA-5.45/examples/dups
Digest-SHA-5.45/META.yml
Digest-SHA-5.45/Changes
Digest-SHA-5.45/shasum
Digest-SHA-5.45/typemap
Digest-SHA-5.45/MANIFEST
Digest-SHA-5.45/SHA.pm
Digest-SHA-5.45/t/
Digest-SHA-5.45/t/nistbyte.t
Digest-SHA-5.45/t/nistbit.t
Digest-SHA-5.45/t/rfc2202.t
Digest-SHA-5.45/t/bitbuf.t
Digest-SHA-5.45/t/hmacsha.t
Digest-SHA-5.45/t/podcover.t
Digest-SHA-5.45/t/methods.t
Digest-SHA-5.45/t/sha224.t
Digest-SHA-5.45/t/dumpload.t
Digest-SHA-5.45/t/sha384.t
Digest-SHA-5.45/t/sha1.t
Digest-SHA-5.45/t/sha512.t
Digest-SHA-5.45/t/gg.t
Digest-SHA-5.45/t/allfcns.t
Digest-SHA-5.45/t/gglong.t
Digest-SHA-5.45/t/pod.t
Digest-SHA-5.45/t/woodbury.t
Digest-SHA-5.45/t/fips198.t
Digest-SHA-5.45/t/ireland.t
Digest-SHA-5.45/t/base64.t
Digest-SHA-5.45/t/sha256.t
Digest-SHA-5.45/SHA.xs
CPAN: File::Temp loaded ok (v0.18)
CPAN.pm: Going to build M/MS/MSHELOR/Digest-SHA-5.45.tar.gz
Checking if your kit is complete...
Looks good
Writing Makefile for Digest::SHA
Could not read 'E:\Perl\cpan\build\Digest-SHA-5.45-KfEI5d\META.yml'. Falling bac
k to other methods to determine prerequisites
'nmake' is not recognized as an internal or external command,
operable program or batch file.
MSHELOR/Digest-SHA-5.45.tar.gz
nmake -- NOT OK
Warning (usually harmless): 'YAML' not installed, will not store persistent stat
e
Running make test
Can't test without successful make
Running make install
Make had returned bad status, install seems impossible
Failed during this command:
MSHELOR/Digest-SHA-5.45.tar.gz : make NO
cpan> install LWP::UserAgent
LWP::UserAgent is up to date (2.036).
cpan> install Crypt::SSLeay
Running install for module 'Crypt::SSLeay'
Running make for D/DL/DLAND/Crypt-SSLeay-0.57.tar.gz
CPAN: LWP::UserAgent loaded ok (v2.036)
Fetching with LWP:
http://ppm.activestate.com/CPAN/authors/id/D/DL/DLAND/Crypt-SSLeay-0.57.tar.gz
CPAN: checksum security checks disabled because Digest::SHA not installed.
Crypt-SSLeay-0.57
Crypt-SSLeay-0.57/t
Crypt-SSLeay-0.57/Changes
Crypt-SSLeay-0.57/lib
Crypt-SSLeay-0.57/certs
Crypt-SSLeay-0.57/MANIFEST
Crypt-SSLeay-0.57/TODO
Crypt-SSLeay-0.57/typemap
Crypt-SSLeay-0.57/MANIFEST.SKIP
Crypt-SSLeay-0.57/eg
Crypt-SSLeay-0.57/SSLeay.pm
Crypt-SSLeay-0.57/SSLeay.xs
Crypt-SSLeay-0.57/README
Crypt-SSLeay-0.57/Makefile.PL
Crypt-SSLeay-0.57/META.yml
Crypt-SSLeay-0.57/eg/lwp-ssl-test
Crypt-SSLeay-0.57/eg/net-ssl-test
Crypt-SSLeay-0.57/certs/ca-bundle.crt
Crypt-SSLeay-0.57/certs/notacakeynopass.pem
Crypt-SSLeay-0.57/certs/notacacert.pem
Crypt-SSLeay-0.57/lib/Crypt
Crypt-SSLeay-0.57/lib/Net
Crypt-SSLeay-0.57/lib/Net/SSL.pm
Crypt-SSLeay-0.57/lib/Crypt/SSLeay
Crypt-SSLeay-0.57/lib/Crypt/SSLeay/MainContext.pm
Crypt-SSLeay-0.57/lib/Crypt/SSLeay/Conn.pm
Crypt-SSLeay-0.57/lib/Crypt/SSLeay/X509.pm
Crypt-SSLeay-0.57/lib/Crypt/SSLeay/Err.pm
Crypt-SSLeay-0.57/lib/Crypt/SSLeay/CTX.pm
Crypt-SSLeay-0.57/t/00-basic.t
Crypt-SSLeay-0.57/t/02-live.t
Crypt-SSLeay-0.57/t/01-connect.t
CPAN.pm: Going to build D/DL/DLAND/Crypt-SSLeay-0.57.tar.gz
========================================================================
No installed SSL libraries found in any of the following places.
c:\openssl
You will have to either specify a directory location at the following
prompt, or rerun the Makefile.PL program and use the --lib switch
to specify the path. If the path in question is considered standard
on your platform, please consider filing a bug report in order to
have it taken into account in a subsequent version of Crypt::SSLeay.
Which SSL install path do you want to use? c:\openssl
c:\openssl does not appear to be an SSL library installation, since
the required header files were not found. The build cannot proceed.
Warning: No success on command[E:\Perl\bin\perl.exe Makefile.PL]
Warning (usually harmless): 'YAML' not installed, will not store persistent stat
e
DLAND/Crypt-SSLeay-0.57.tar.gz
E:\Perl\bin\perl.exe Makefile.PL -- NOT OK
Running make test
Make had some problems, won't test
Running make install
Make had some problems, won't install
Could not read 'E:\Perl\cpan\build\Crypt-SSLeay-0.57-5QWh9O\META.yml'. Falling b
ack to other methods to determine prerequisites
Failed during this command:
DLAND/Crypt-SSLeay-0.57.tar.gz : writemakefile NO 'E:\Perl\bin\pe
rl.exe Makefile.PL' returned status 512

Database does not contain a URL for the file

How do I find out what file/update this is:
The file digest/hash does not exist in the SUSDB, but I have no idea looking at the windowsupdate or softwaredistribution.log what file it is referring to.
SELECT [FileDigest]
      ,[DigestAlgorithm]
      ,[AdditionalHash]
FROM [SUSDB].[dbo].[tbFileHash] fh
WHERE fh.FileDigest =0x15B82F101E79C1E2181E43CC8A3CC137CBFDC91D
or fh.AdditionalHash =0x15B82F101E79C1E2181E43CC8A3CC137CBFDC91D
0 rows found
Softwaredistribution.log
2014-10-07 23:07:04.319 UTC   Error   w3wp.5   ClientImplementation.GetExtendedUpdateInfo   System.ArgumentException: The database does not contain a URL for the file 15B82F101E79C1E2181E43CC8A3CC137CBFDC91D.
Parameter name: fileDigests
   at Microsoft.UpdateServices.Internal.DataAccess.ExecuteSpGetFileLocations(Byte[][] fileDigests)
   at Microsoft.UpdateServices.Internal.DataAccessCache.GetFileLocations(Byte[][] fileDigests, DataAccess da)
   at Microsoft.UpdateServices.Internal.ClientImplementation.GetExtendedUpdateInfo(Cookie cookie, Int32[] revisionIds, XmlUpdateFragmentType[] fragmentTypes, String[] locales)
   at Microsoft.UpdateServices.Internal.ClientImplementation.GetExtendedUpdateInfo(Cookie cookie, Int32[] revisionIds, XmlUpdateFragmentType[] fragmentTypes, String[] locales)
   at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Web.Services.Protocols.LogicalMethodInfo.Invoke(Object target, Object[] values)
   at System.Web.Services.Protocols.WebServiceHandler.Invoke()
   at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()
   at System.Web.Services.Protocols.SyncSessionlessHandler.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

How do I find out what file/update this is:
Hows about.. rather than chasing a rabbit down the hole doing whatever you think you're doing...
We start with this: What problem is it that you're actually trying to solve?
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

MD5 identical for font files

I put together a script that uses openssl sha1 <file> to check for duplicate files in a folder hierarchy.
It gives the same hash result for all the members of a font family. Does that make sense as I would have thought there would be some differences between the Suitcase and Postscript files.

MarkDouma® wrote:
Are these font files resource fork-based, or data fork-based? Traditional Mac font suitcases and PostScript Type 1 outline fonts are resource fork based files. Most of the command line tools only recognize the data fork of files, and will regard a resource fork-based file like a font suitcase as empty. The hash you're getting back will most likely be the hash you'd get for an empty file (for example, if you created a test file using "touch ~/Desktop/testFile").
That appears to be exactly the case. I tested md5 and +openssl sha1+ on a couple of fonts I've have for aeons. I get the same hash as if I create an empty file with touch.
This "..namedfork" method worked in OS X 10.4.x and prior, but as far as I remember, they removed support for that way of accessing files from OS X 10.5.
You can get to the resource fork on Leopard by appending /rsrc:
$ ls -l Aquil
-rwxrwxrwx@ 1 username staff 0 Sep 9 1998 Aquil
$ ls -l Aquil/rsrc
-rwxrwxrwx 1 username staff 156440 Sep 9 1998 Aquil/rsrc
$ touch test.txt
$ md5 -q test.txt
d41d8cd98f00b204e9800998ecf8427e
$ md5 -q Aquil
d41d8cd98f00b204e9800998ecf8427e
$ md5 -q Aquil/rsrc
b872478171cb1fd9838c7ecef926c89b
So a script would probably need some kind of logic where it looks for zero-length files, then checks to see if there's a resource fork. If there is, then get the hash of that instead...
charlie

Maven problem: class file not added in excecutable after compilation

Hi,
I ran into the following issue.
I created a program, capable of reading an identity card from an electronic card reader. I use maven for dependency management and compilation.
The libraries used for reading the card reader are not from any maven repository. So I cheated a little bit and added the jar file to the repository myself
and created a pom file for it too in the repository. I respected the structure groupId - artifactId - version . It is something like
          <dependency>
               <groupId>be.belgium.eid</groupId>
               <artifactId>beid35JavaWrapper-win</artifactId>
               <version>3.5</version>
               <type>jar</type>
          </dependency>
The jar file and a pom file are then to be found on that location. When running the program in my development environment, everything runs fine.
But when I create an executable for this program, the class files for these libs are not added to the created executable.
questions:
1/ Do I also need to create the .sha1 file for this. If so: how?
2/ What are these .sha1 files
3/ Has anyone written a similar program, but with eid libs from maven? Which ones?
thanks for any help
Edited by: user8276126 on Apr 2, 2011 9:07 AM

try clearing cache and restarting tomcat. If you post the code that you are using to call the methods it will help to find the issue.

Sha1 to base64 key format needed

Hello All,
I am new to Java and trying to get my arms around the various places to find new classes for various functions.
I am trying to find a class that will convert a seed string using SHA1 into a base64 string. I have done some heavy trolling through many google pointers but I have not found exactly what I am looking for.
In perl I would use something like the following two lines:
use Digest::SHA1 qw(sha1_base64);
$base64digeststring = sha1_base64("foobar");
Does anybody have any stubs of code for this?
Thanks,
Mark

I java it is two seperate steps. The first is to SHA-1 digest the input and then to base64 encode the resulting digest.
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] digest = md.digest(input.getBytes("ASCII"));
String enc = Base64.encode(digest);
The above example assumes you have a Base64.class which you probably don't. MessageDigest on the other hand is included in the base jdk and jre so that line should work fine for you out of the box. So in short what you really need to find is a Base64 encoder/decoder class(es).
There is one that is packaged with Sun's JDK in the sun.misc package. Problem with using that is that it only exists on Sun's JVMs (aka IBM jvm would result in your app failing). However, if you search for Base64 and Java you should find numerous open source impls you can use..
Enjoy..

Getting Message Digest from Signature?

I'm developing an application that requires the use of a signed message digest, so I'm using the java.security.Signature class to create and sign the digest. I'd also like to be able to extract the unencrypted message digest from the Signature object, but there doesn't appear to be any method(s) provided by the Signature class to do that. Is it possible to obtain the unencrypted message digest from a Signature object or is that not supported by the JDK?

JDK does not have any API to extract the unencrypted message....
Once we set the signature object with SHA1withDSA ,.....it uses SHA1 for digesting and DSA for encryption.
Even i am trying for that buddy,,
Rgds,
Anand

PBE With SHA1 And DES on SunJCE

Previously i used Bouncy Castle for using the "PBEWithSHA1AndDES" cipher. However, Now we are porting to pure SunJCE. When I print the provider capabilities, The best I could get was "PBEWithMD5AndDES". Is it somehow possible to do PBE using SHA1 in SunJCE? I really dont want to use MD5 because it is less secure than SHA1.
This is one of the alternatives i thought of :-
1) Write my own PKCS 5 Key generator(That uses SHA1 Message Digest)
2) Use the resultant key with the simple DES Cipher, which I retrive using
Cipher.getInstance("DES").
Is there any other alternative which will save me the trouble?
Thanks in advance

The hash (MD5 or SHA1) is only used in the generation of the DES key from the password and using MD5 will make little difference to the security of your system since the entropy of the DES key generation will probably be dominated by the password used.
The generation of the DES key from password using SHA1 is not a trivial process and I will guarantee that, unless you follow the formal specification exactly, you will create a key that is less secure than using the built in MD5 version.
Unless you are creating compatibility with an existing system (which does not seem likely from your posting) then you should not really use DES at all. The latest algorithm is AES but I don't think there is a PBE using AES in the SunJCE. You can use PBEWithSHA1AndDESede - PBE with Triple DES which is nearly as secure as AES but slower than AES.
Also, why do you need to use PBE? For various reasons I avoid this if at all possible.
Message was edited by:
sabre150

How do I get Message Digest from Signature?

When signing some data, first one computes the message digest, then encrypts the message digest with his private key to get the signature. So, if I have the public key, I should be able to take the signature and decrypt it, yielding the original message digest. Correct?
However, there doesn't seem to be any way to do this using standard JDK functionality (JDK1.3.1). The java.security.Signature object encapsulates the message digest computation and encryption into one operation, and encapsulates the signature verification into an operation; there doesn't seem to be a way to get at the message digest.
I downloaded the Cryptix library and used the Cipher class to try to decrypt the signature, but kept getting errors. The code and error are as follows. Thanks for any ideas on how to get this to work.
package misc;
import java.util.*;
import java.security.*;
import xjava.security.*;
import cryptix.provider.*;
public class SignatureTest {
public static void main(String[] args) {
try {
Security.addProvider(new Cryptix());
// create data to sign
byte[] data = new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0};
// get message digest
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] digest = md.digest(data);
// generate keys
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
KeyPair keyPair = kpg.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
// sign data
Signature s = Signature.getInstance("SHA1withRSA");
s.initSign(privateKey);
s.update(data);
byte[] signature = s.sign();
// decrypt the signature to get the message digest
Cipher c = Cipher.getInstance("RSA");
c.initDecrypt(publicKey);
byte[] decryptedSignature = c.crypt(signature);
// message digest obtained earlier should be the same as the decrypted signature
if (Arrays.equals(digest, decryptedSignature)) {
System.out.println("successful");
} else {
System.out.println("unsuccessful");
} catch (Exception ex) {
ex.printStackTrace();
java.security.InvalidKeyException: RSA: Not an RSA private key
     at cryptix.provider.rsa.RawRSACipher.engineInitDecrypt(RawRSACipher.java:233)
     at xjava.security.Cipher.initDecrypt(Cipher.java:839)
     at misc.SignatureTest.main(SignatureTest.java:35)

I learned from someone how to do the decryption myself using BigInteger. The output shows that the decrypted signature is actually the message digest with some padding and other information prepended. See (quick and dirty) code and output below:
package misc;
import java.util.*;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.math.*;
public class SignatureTest {
    public static void main(String[] args) {
        try {
            // create data to sign
            byte[] data = new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0};
            // get message digest
            MessageDigest md = MessageDigest.getInstance("SHA1");
            byte[] digest = md.digest(data);
            System.out.println("Computed digest:");
            System.out.println(getHexString(digest));
            System.out.println();
            // generate keys
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            KeyPair keyPair = kpg.generateKeyPair();
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();
            // sign data
            Signature s = Signature.getInstance("SHA1withRSA");
            s.initSign(privateKey);
            s.update(data);
            byte[] signature = s.sign();
            System.out.println("Signature:");
            System.out.println(getHexString(signature));
            System.out.println();
            // decrypt the signature to get the message digest
            BigInteger sig = new BigInteger(signature);
            RSAPublicKey rsaPublicKey = (RSAPublicKey)publicKey;
            BigInteger result = sig.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus());
            byte[] resultBytes = result.toByteArray();
            System.out.println("Result of decryption:");
            System.out.println(getHexString(resultBytes));
            System.out.println();
        } catch (Exception ex) {
            ex.printStackTrace();
    public static String getHexString(byte[] bytes) {
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < bytes.length; i++) {
            sb.append(Integer.toHexString(new Byte(bytes).intValue()));
sb.append(" ");
return sb.toString();
Output:
Computed digest:
ffffffe8 ffffff9a ffffffd5 ffffffa9 63 1c 3e fffffffd ffffffde ffffffd7 ffffffe3 ffffffec ffffffce 79 ffffffb4 ffffffd0 fffffffe ffffffdc ffffffe1 ffffffbf
Signature:
60 75 13 7c ffffffaf 77 6e ffffffc1 ffffffd2 4a 42 ffffffe8 45 47 20 4f ffffffbf 46 4 12 47 ffffffa9 1 ffffffe7 ffffffae 58 fffffff2 fffffffe 28 ffffffd1 25 32 49 ffffff9f ffffffe3 4 ffffffbf ffffffce 5d ffffffd9 67 70 ffffff99 ffffffbf ffffffdb 2f d ffffffb8 ffffffa4 6e ffffff9f 28 24 7d 71 50 38 ffffffe4 5f ffffffab fffffff5 ffffff93 54 4c ffffffe4 ffffff9a 11 23 66 49 ffffff8c ffffffc3 49 68 c ffffffa4 36 ffffff8f ffffffb3 57 a 58 ffffffb2 ffffffac 3e 55 ffffffe4 ffffff91 16 5e 7b ffffffe9 ffffffa6 50 ffffff9a fffffff5 22 7b ffffffd4 60 ffffffe2 fffffffe 24 ffffffa9 ffffff92 69 4b ffffffd9 44 ffffffb2 57 ffffff91 53 ffffffb9 7 fffffff7 ffffffa3 ffffffd5 61 ffffff81 ffffffb7 ffffff95 5 5b 30 7f 55 71
Result of decryption:
1 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff 0 30 21 30 9 6 5 2b e 3 2 1a 5 0 4 14 ffffffe8 ffffff9a ffffffd5 ffffffa9 63 1c 3e fffffffd ffffffde ffffffd7 ffffffe3 ffffffec ffffffce 79 ffffffb4 ffffffd0 fffffffe ffffffdc ffffffe1 ffffffbf

Error when trying to sign the Applet, please Help

Hello,
I have this Error when I am trying to sign my applet, after execut this command :
jarsigner -verify -verbose -certs test.jar
jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for classe/JDBC_SQL.class
And for your information, that I had add the JDBC_SQL.class to the jar file (test.jar) because I made some change to the file JDBC_SQL.java
so please if you know what can I do to resolve my problem
Thank you to reponse !
rania +

ahh, here is a problem. u made changes to the JDBC_SQL.java and packed the jar file. u have to sign the jar file again.
let me know if u need futher assistance

Generating & Recognizing keys in java

Hi
After running an ant target ( that checks java code for correct coding conventions ex variable naming conventions , proper indentation etc ) I need to generate a 16 digit (or more) code
When developer tries to checkin his code its required that he/she must enter this code else he/she wont be allowed to checkin
Not sure how to generate and recognize the keys ?? are there any libraries available for same ??
Any algorithm to implement the same welcome, this code wont work on client side , just a check to make sure code quality improves
Edited by: lav on Feb 23, 2010 6:48 AM

lav wrote:
Hi
After running an ant target ( that checks java code for correct coding conventions ex variable naming conventions , proper indentation etc ) I need to generate a 16 digit (or more) code
When developer tries to checkin his code its required that he/she must enter this code else he/she wont be allowed to checkin
Not sure how to generate and recognize the keys ?? are there any libraries available for same ??
Any algorithm to implement the same welcome, this code wont work on client side , just a check to make sure code quality improves
I don't understand what this has to do with 'security' but you can use the Hex encoding of the MD5/SHA1/SHA2 digest of the file.
P.S. Your developers will really really love you if you force them to manually enter a 16 digit code whenever they check in some code. You must automate this.

Sha one sum - command not found

Question: how to extract the key from a sha 1.
I have been trying to work with sha 1 sum in lower case, and upper case and the replay i receive back is the command not found.
<code>
$ sha1sum /file/path
-bash: sha1sum: command not found
SHA1SUM /file/path
SHA1SUM: command not found
$ SHA1 /file/path
SHA1: command not found
$ sha1 file/path
sha1: command not found
</code>
I did some search and there was the suggestion to use:::
openssl sha1 <path/filename.ext>,
and that worked to some degree with the options.
Yet i still cannot get a key from the digest or file to play, match keys.
any suggestions ?.
Thank you

Do you just want the sha1 digest value?
openssl sha1 tmp.tmp
SHA1(tmp.tmp)= 154848670fbf9c7b81ee88dc22c33fb2a28ad8c7
for example:
digest=$(openssl sha1 tmp.tmp)
digest=${digest/*= /}
echo $digest
154848670fbf9c7b81ee88dc22c33fb2a28ad8c7
You can use "man openssl" to find out more about the command, however, you might find more information via a google search on sha1 digests.
PS. To enter code in the forums, you use a pair of idential tags:
... your code here ...
{code}
Message was edited by: BobHarris

SHA1 File Digest

Similar Messages

Maybe you are looking for