The Java Version Almanac
javaalmanac.io
Feedback on this page?

Message Authentication Code

A message authentication code is calculated based with a private key. Only owners of the corresponding private key can calculate and verify the authentication code. Because the private key cannot be derived from the generated hash this is a secure method to e.g. sign API calls which are transmitted over unsafe transport channels. For example verification links send via email.

Since Java 1.4

import java.nio.charset.StandardCharsets; import java.util.HexFormat; import javax.crypto.KeyGenerator; import javax.crypto.Mac; import javax.crypto.SecretKey; public class MessageAuthenticationCode { static void addSignature(Mac mac, String msg) { mac.reset(); byte[] signature = mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)); System.out.printf("%s&hmac=%s%n", msg, HexFormat.of().formatHex(signature)); } public static void main(String[] args) throws Exception { SecretKey key = KeyGenerator.getInstance("HmacSHA3-256").generateKey(); Mac mac = Mac.getInstance("HmacSHA3-256"); mac.init(key); // Same content will create the same signature addSignature(mac, "confirm=alice@example.com&date=20210917"); addSignature(mac, "confirm=alice@example.com&date=20210917"); // Different content will result in a different signature addSignature(mac, "confirm=marvin@example.com&date=20210917"); } }

This snippet at GitHub

">