Niklas Niklas - 1 month ago 13
Javascript Question

Different in Java SHA1 vs JavaScript SHA1

I am a little bit confused. I want to get the bytes of an String, which is hashed with SHA1.

JavaScript:

var content = "somestring";
console.warn(content.getBytes().toString());
console.warn(CryptoJS.SHA1(content.getBytes().toString()).toString().getBytes());

String.prototype.getBytes = function () {
var bytes = [];
for (var i = 0; i < this.length; i++){
bytes.push(this.charCodeAt(i));
}
return bytes;
};

Array.prototype.toString = function(){
var result = "";
for(var i = 0; i < this.length; i++){
result += this[i].toString();
}
return result;
}


which gives me

115111109101115116114105110103
[52, 99, 97, 54, 48, 56, 99, 51, 53, 54, 102, 54, 48, 53, 50, 49, 99, 51, 49, 51, 49, 100, 49, 97, 54, 55, 57, 55, 56, 55, 98, 52, 52, 52, 99, 55, 57, 102, 54, 101]


Java:

String message = "somestring";
byte[] sha1 = MessageDigest.getInstance("SHA1").digest(message.getBytes());
System.out.println(Arrays.toString(message.getBytes()));
System.out.println(Arrays.toString(sha1));
System.out.println(new String(sha1));


which gives me

[115, 111, 109, 101, 115, 116, 114, 105, 110, 103]
[-38, 99, -5, 105, -82, -80, 60, 119, 107, -46, 62, -111, -30, -63, -53, 61, -13, 1, 53, -45]
Úcûi®°<wkÒ>‘âÁË=ó5Ó


The first output is equal on JavaScript and Java, but the second is different. Why and how is a checksum like
Úcûi®°<wkÒ>‘âÁË=ó5Ó
possible?

Answer

Here's the solution:

Javascript:

key = 'testKey';
var hashedKey = CryptoJS.SHA1(key);
console.log(hashedKey);

Output: 2420e186fcdb8d0ea08d82fdfbfb8722d6cbf606

Java:

password="testKey";
final MessageDigest md = MessageDigest.getInstance("SHA1");
ByteArrayOutputStream pwsalt = new ByteArrayOutputStream();
pwsalt.write(password.getBytes("UTF-8"));
byte[] unhashedBytes = pwsalt.toByteArray();
byte[] digestVonPassword = md.digest(unhashedBytes);
System.out.println(bytesToHex(digestVonPassword));

Output: 2420E186FCDB8D0EA08D82FDFBFB8722D6CBF606

With the exceptions of capital vs. lowercase, the output is the same. It's in hex, by the way.

Comments