Is updating a digest the same as concatenating the input and then digesting it? I'm no "maths of encryption expert" so I have no idea.

> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-[log in to unmask]] On Behalf Of Jethro R Binks
> Sent: 06 August 2010 08:56
> To: [log in to unmask]
> Subject: Replicating generation of ePTID in the shell
>
> To ease a migration of an internal system, I wanted to generate ePTIDs for
> some known user accounts from the Unix shell.
>
> I was a good boy and Used The Source, read the documentation, and came to
> the conclusion that this is what I wanted to do:
>
>     /bin/echo -n "[log in to unmask]" | sha1 | base64 -e
>
> based on:
>
>     shibboleth-1.3.3-install/src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/PersistentIDAttributeDefinition.java
>
> To wit:
>
>     // Hash the data together to produce the persistent ID.
>     try {
>         MessageDigest md = MessageDigest.getInstance("SHA");
>         md.update(requester.getBytes());
>         md.update((byte) '!');
>         md.update(localId.getBytes());
>         md.update((byte) '!');
>         String result = new String(Base64.encode(md.digest(salt)));
>
> Unfortunately, what my command line gives me doesn't match up with the
> ePTID the SP receives, given the same user, entityId, and salt.
>
> Have I done something daft, do I misunderstand how it works, or is there
> something darker afoot somewhere?
>
> Jethro.
>
> . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks, Computing Officer
> Information Services, The University Of Strathclyde, Glasgow, UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
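Added example, not part of either message or of the Shibboleth source: a Python sketch that mirrors the quoted Java and compares it with hashing the concatenated input, and with Base64-encoding the hexadecimal text a command-line digest tool may print instead of the raw 20 digest bytes. The entityID, user name and salt are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample values, not taken from the thread.
REQUESTER = "https://sp.example.org/shibboleth"  # SP entityID
LOCAL_ID = "jbloggs"                             # local user identifier
SALT = b"constructed-demo-salt"                  # resolver salt (raw bytes)


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def eptid_incremental(requester, local_id, salt, charset="utf-8"):
    """Same call sequence as the quoted Java snippet."""
    md = hashlib.sha1()  # "SHA" is Java's alias for SHA-1
    md.update(requester.encode(charset))
    md.update(b"!")
    md.update(local_id.encode(charset))
    md.update(b"!")
    # MessageDigest.digest(salt) performs a final update(salt), then digests.
    md.update(salt)
    return _b64(md.digest())


def eptid_concatenated(requester, local_id, salt, charset="utf-8"):
    """Hash requester!localId!salt as a single buffer."""
    data = requester.encode(charset) + b"!" + local_id.encode(charset) + b"!" + salt
    return _b64(hashlib.sha1(data).digest())


def eptid_from_hex_text(requester, local_id, salt, charset="utf-8"):
    """Base64 of the 40-character hex rendering rather than the raw digest."""
    data = requester.encode(charset) + b"!" + local_id.encode(charset) + b"!" + salt
    return _b64(hashlib.sha1(data).hexdigest().encode("ascii"))


if __name__ == "__main__":
    print("incremental :", eptid_incremental(REQUESTER, LOCAL_ID, SALT))
    print("concatenated:", eptid_concatenated(REQUESTER, LOCAL_ID, SALT))
    print("hex-as-text :", eptid_from_hex_text(REQUESTER, LOCAL_ID, SALT))
```

The first two values are identical; the third is a different, 56-character string. The `charset` parameter stands in for Java's no-argument `getBytes()`, which uses the platform default charset and so only matters for non-ASCII identifiers.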