Is updating a digest the same as concatenating the input and then digesting
it?  I'm no "maths of encryption expert" so I have no idea.

> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-
> [log in to unmask]] On Behalf Of Jethro R Binks
> Sent: 06 August 2010 08:56
> To: [log in to unmask]
> Subject: Replicating generation of ePTID in the shell
> 
> To ease a migration of an internal system, I wanted to generate ePTIDs for
> some known user accounts from the Unix shell.
> 
> I was a good boy and Used The Source, read the documentation, and came to
> the conclusion that this is what I wanted to do:
> 
>   /bin/echo -n "[log in to unmask]" | sha1 | base64 -e
> 
> based on:
> 
> shibboleth-1.3.3-install/src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/PersistentIDAttributeDefinition.java
> 
> To wit:
> 
>                // Hash the data together to produce the persistent ID.
>                try {
>                        MessageDigest md = MessageDigest.getInstance("SHA");
>                        md.update(requester.getBytes());
>                        md.update((byte) '!');
>                        md.update(localId.getBytes());
>                        md.update((byte) '!');
>                        String result = new String(Base64.encode(md.digest(salt)));
> 
> Unfortunately, what my command line gives me doesn't match up with the
> ePTID the SP receives, given the same user, entityId, and salt.
> 
> Have I done something daft, do I misunderstand how it works, or is there
> something darker afoot somewhere?
> 
> Jethro.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> .
> Jethro R Binks, Computing Officer
> Information Services, The University Of Strathclyde, Glasgow, UK
> 
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
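
Added example (not part of either message, and not Shibboleth code): a Python sketch that mirrors the quoted `MessageDigest` calls, compares them with hashing the concatenated input in one go, and contrasts base64 over the raw 20-byte digest with base64 over a hex digest line. The requester, local ID and salt values are constructed, and the hex case assumes a `sha1` command that prints hexadecimal text followed by a newline.

```python
import base64
import hashlib

# Constructed sample inputs (assumptions, not values from the thread).
# The Java code uses getBytes() with the platform charset; ASCII is assumed here.
REQUESTER = b"https://sp.example.org/shibboleth"
LOCAL_ID = b"jdoe"
SALT = b"constructed-salt-value"


def eptid_incremental(requester: bytes, local_id: bytes, salt: bytes) -> str:
    """Mirror the quoted Java: a series of update() calls, then digest(salt)."""
    md = hashlib.sha1()          # Java's "SHA" algorithm name is SHA-1
    md.update(requester)
    md.update(b"!")
    md.update(local_id)
    md.update(b"!")
    md.update(salt)              # MessageDigest.digest(byte[]) feeds the bytes in, then finalises
    return base64.b64encode(md.digest()).decode("ascii")


def eptid_concatenated(requester: bytes, local_id: bytes, salt: bytes) -> str:
    """Hash requester!localId!salt as one buffer, base64 over the raw digest."""
    data = requester + b"!" + local_id + b"!" + salt
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def eptid_from_hex_text(requester: bytes, local_id: bytes, salt: bytes) -> str:
    """Base64 over the hex digest line, as a pipeline yields when the
    hashing tool prints 40 hex characters and a newline (assumption)."""
    data = requester + b"!" + local_id + b"!" + salt
    hex_line = hashlib.sha1(data).hexdigest().encode("ascii") + b"\n"
    return base64.b64encode(hex_line).decode("ascii")


if __name__ == "__main__":
    inc = eptid_incremental(REQUESTER, LOCAL_ID, SALT)
    cat = eptid_concatenated(REQUESTER, LOCAL_ID, SALT)
    hexed = eptid_from_hex_text(REQUESTER, LOCAL_ID, SALT)
    print("incremental :", inc)
    print("concatenated:", cat, "(same)" if inc == cat else "(DIFFERENT)")
    print("hex-text b64:", hexed, "(same)" if inc == hexed else "(different)")
```

Any byte that differs in the hashed input, such as a missing `!` separator, an omitted salt or a trailing newline, also changes the result.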