University of Cincinnati
Message Digests
 
  • Message digests use an algorithm to compute a value, often a hash value, based on the bytes of a file, usually a jar, bytecode, or binary.
  • We can then compare the digest value on the client with the digest value generated from the source of the program.  
    • If they are equal, then we can safely say the code has not been altered.  If they are not equal, then we should not run the program.
    • Though there is a statistical probability of two different files having the same digest value, this probability is remote.
  • For digests to work, two properties must hold true:
    • Changing the file changes the digest.
    • A forger cannot change the file and still have the same message digest as the original.
  • In Java, our message digests can use two well-known algorithms:
  • We can use class MessageDigest to compute the fingerprint of a byte stream.
    • You can use the static getInstance method to get an instance of the MessageDigest class, and you can specify the algorithm you want to use.
    • Send either a byte or byte array to the update() method of MessageDigest.
Using class MessageDigest
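
The steps above (getInstance, update(), then comparing the two digest values) put together as an added example; it is not code from the original page. The algorithm name "SHA-256", the class name DigestCheck, the helpers digestOf and hex, and the temporary sample file are assumptions made for this example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestCheck {
    // Stream the file through update() so a large jar is never held fully in memory.
    static byte[] digestOf(Path file, String algorithm)
            throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        try (InputStream in = Files.newInputStream(file)) {
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) != -1) {
                md.update(buf, 0, n);   // feed only the bytes actually read
            }
        }
        return md.digest();             // completes the hash and resets md
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "SHA-256";   // assumption: chosen for this example
        // Constructed sample standing in for a downloaded jar or class file.
        Path file = Files.createTempFile("sample", ".bin");
        try {
            Files.write(file, "original program bytes".getBytes(StandardCharsets.UTF_8));
            byte[] published = digestOf(file, algorithm);   // digest generated at the source
            System.out.println("published digest: " + hex(published));
            // Client-side check on the unmodified file.
            boolean same = MessageDigest.isEqual(published, digestOf(file, algorithm));
            System.out.println("unaltered file matches: " + same);
            // Change a single character and check again: the digest no longer matches.
            Files.write(file, "Original program bytes".getBytes(StandardCharsets.UTF_8));
            boolean altered = MessageDigest.isEqual(published, digestOf(file, algorithm));
            System.out.println("altered file matches:   " + altered);
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```

The comparison only tells the client something if the published digest arrives over a channel the forger cannot alter; a digest stored next to the file it describes can be replaced along with the file.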