I am a little bit confused. I want to get the bytes of an String, which is hashed with SHA1.
JavaScript:
var content = "somestring";
console.warn(content.getBytes().toString());
console.warn(CryptoJS.SHA1(content.getBytes().toString()).toString().getBytes());
String.prototype.getBytes = function () {
var bytes = [];
for (var i = 0; i < this.length; i++){
bytes.push(this.charCodeAt(i));
}
return bytes;
};
Array.prototype.toString = function(){
var result = "";
for(var i = 0; i < this.length; i++){
result += this[i].toString();
}
return result;
}
which gives me
115111109101115116114105110103
[52, 99, 97, 54, 48, 56, 99, 51, 53, 54, 102, 54, 48, 53, 50, 49, 99, 51, 49, 51, 49, 100, 49, 97, 54, 55, 57, 55, 56, 55, 98, 52, 52, 52, 99, 55, 57, 102, 54, 101]
Java:
String message = "somestring";
byte[] sha1 = MessageDigest.getInstance("SHA1").digest(message.getBytes());
System.out.println(Arrays.toString(message.getBytes()));
System.out.println(Arrays.toString(sha1));
System.out.println(new String(sha1));
which gives me
[115, 111, 109, 101, 115, 116, 114, 105, 110, 103]
[-38, 99, -5, 105, -82, -80, 60, 119, 107, -46, 62, -111, -30, -63, -53, 61, -13, 1, 53, -45]
Úcûi®°<wkÒ>‘âÁË=ó5Ó
The first output is equal on JavaScript and Java, but the second is different. Why and how is a checksum like Úcûi®°<wkÒ>‘âÁË=ó5Ó possible?
Here's the solution:
Javascript:
key = 'testKey';
var hashedKey = CryptoJS.SHA1(key);
console.log(hashedKey);
Output: 2420e186fcdb8d0ea08d82fdfbfb8722d6cbf606
Java:
password="testKey";
final MessageDigest md = MessageDigest.getInstance("SHA1");
ByteArrayOutputStream pwsalt = new ByteArrayOutputStream();
pwsalt.write(password.getBytes("UTF-8"));
byte[] unhashedBytes = pwsalt.toByteArray();
byte[] digestVonPassword = md.digest(unhashedBytes);
System.out.println(bytesToHex(digestVonPassword));
Output: 2420E186FCDB8D0EA08D82FDFBFB8722D6CBF606
With the exceptions of capital vs. lowercase, the output is the same. It's in hex, by the way.
In your JavaScript you're doing a SHA-1 on a String which is the numbers from a byte Array (so is different to your String content).
console.warn(CryptoJS.SHA1(content.getBytes().toString()).toString().getBytes());
// ^^
In your Java, you're doing a SHA-1 on a byte[] (which is equivalent to your String content)
byte[] sha1 = MessageDigest.getInstance("SHA1").digest(message.getBytes());
// ^^
Your toString is creating a very different piece of data to what you're SHA-1-ing in Java.
Also (not sure if relevant): internally, JavaScript uses UTF-16 for Strings.
Further, the logged output of your JavaScript cannot be a SHA-1 as it is the wrong length; this is due to .toString().getBytes() repeated on the sha1 after it's been calculated (Stephen C mentions this in this comment).
I found this library. It produces same values as Java
来源:https://stackoverflow.com/questions/17355421/different-in-java-sha1-vs-javascript-sha1