You want to concatenate 4 byte arrays: (1) the bytes of the password (2) the bytes of the server nonce---not the bytes of its Base64 encoding (3) the bytes of the client nonce---not the bytes of its Base64 encoding (4) the bytes of the password Here's some Java code to produce the digest: byte[] serverNonce = Base64.getDecoder().decode("0K8M9tweMjqguVkD7NGtWA=="); byte[] clientNonce = Base64.getDecoder().decode("sCXDGrQTeYTL+LMhTPTJpw=="); byte[] password = "admin".getBytes(StandardCharsets.UTF_8); ByteArrayOutputStream outputStream = new ByteArrayOutputStream( ); outputStream.write(password); outputStream.write(serverNonce); outputStream.write(clientNonce); outputStream.write(password); byte[] bytesToDigest = outputStream.toByteArray(); MessageDigest digester = MessageDigest.getInstance("SHA-1"); digester.update(bytesToDigest); byte[] digestBytes = digester.digest(); String digestString = Base64.getEncoder().encodeToString(digestBytes); System.out.println(digestString); There are better ways to verify a password; PBKDF2-HMAC-SHA1 is the best supported by the current generation of handle servers. But I'd encourage you to use a public/private keypair instead anyway. Robert
|
_______________________________________________ Handle-Info mailing list Handle-Info@cnri.reston.va.us http://www.handle.net/mailman/listinfo/handle-info