> I have a question about the MessageDigest class in java.security.
>
> I cannot see a way of supplying a key to the digest method for my
> MessageDigest object. I have some existing C code which has a function
> called MD5Digest and it takes as input a "data stream" AND a "key". It uses
> this key to produce an appropriate message digest.
>
> I would like to create a similar message digest from Java, send it over the
> network (using sockets) and use my existing C code to verify it in the
> usual manner.
>
> I have searched archive upon archive and web site after web site but to no
> avail - it does not mention anywhere how to specify a key to the digest
> method.
>
> Can you shed any light on this subject ?
Message digests are keyless.
They are a function of the data digested and do not require
any keys.
There is a variant called Message Authentication Code (MAC).
A MAC provides a way to check
the integrity of information transmitted over or stored in an unreliable
medium, based on a secret key. Typically, message
authentication codes are used between two parties that share a secret
key in order to validate information transmitted between these
parties.
A MAC mechanism that is based on cryptographic hash functions is
referred to as HMAC. HMAC can be used with any cryptographic hash function,
e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is
specified in RFC 2104.
So maybe you are talking about HMAC-MD5? We provide that in the
Java Cryptography Extension (JCE) 1.2.
See
http://developer.javasoft.com/developer/earlyAccess/jdk12/jce.html
for more details about JCE 1.2.
Jan