1

I coded HMAC decryption. I try many time to decrypt the output.

This is my code 

package javaapplication_HMAC;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import java.util.Formatter;

public class Encryption {

    public void Encryption_Base64(String x,String y){
     String message = x;
        String key = y;
        String algorithm = "HmacSHA1";  
        try {
            Mac sha256_hmac = Mac.getInstance(algorithm);
            SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), algorithm);
             sha256_hmac.init(secret_key);
            String hash = Base64.encode(sha256_hmac.doFinal(message.getBytes("UTF-8")));
            System.out.println(hash);
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException | InvalidKeyException e) {
            e.printStackTrace();
        }    
    }

    public static void main(String args[]) {
        Encryption encryption_base64 = new Encryption();
        encryption_base64.Encryption_Base64("test", "123456");
    }

}

The output is : QFemksWe6HuyDAJIepZd+ldchzc=

Is it possible to decrypt it?

Mark Rotteveel
  • 90,369
  • 161
  • 124
  • 175
hex
  • 31
  • 1
  • 3
  • Possible duplicate of [Is it possible to decrypt md5 hashes?](https://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes) – bartonjs Jul 30 '18 at 19:56

1 Answers1

5

TL;DR: No.

A MAC function is also called a "keyed hash function". It is not an "encryption" in any meaning of the word. It transforms a key and a plain text into an authentication tag. The same key + plain text result in the same tag, this property is used to check that the plain text was not modified.

HMAC is a MAC built on a hash function, in your case SHA-256. As long as the hash function is not broken, you can't get the plain text back, even if you know the key.

If there is only a small set of possible plain texts, you can of course do a brute-force attack, just trying each plain text with the key to see if the tag is matching. (If the key is also unknown but from a small set, you can also try to try all possible keys.)

Paŭlo Ebermann
  • 71,139
  • 18
  • 140
  • 206