Search code examples
javaarrayspublic-key-encryptionsession-keys

getByte() is returning same byte[ ] for different Strings

I am generating a Session key, that changes every time i run the program. But when i am converting it into BYTE ARRAY then Byte Array generated is same every time i run the program . IT should be different right? Here is my code 

Key key;
SecureRandom rand = new SecureRandom();
KeyGenerator generator = KeyGenerator.getInstance("AES");
generator.init(rand);
generator.init(256);
key = generator.generateKey();
String key1=key.toString();
byte[] genratesessionKey1 = key1.getBytes();
System.out.println("SESSION KEY IS(Byte format)   "+genratesessionKey1.toString());

Then i also used one dummy string. and then i generated its Byte[]. Then i changed the value in that string and generated its Byte[] Again. Still it returns the same result.

String test2="yadav";
String key1=key.toString();
byte[] genratesessionKey1 = key1.getBytes();
byte[] g2=test.getBytes("UTF-8");
byte[] g3=test.getBytes();              
System.out.println("Session key in String   "+key1);
System.out.println("Testing Byte Format   "+g2);
System.out.println("Testing Byte Format 2   "+g3);

Why Its happening.Any Suggestions will be appreciated

First Execution

Second Execution

Solution

  • First of all the code won't compile nor run. What will (omitting imports and class) is 

       public static void main(String[] args) 
           throws NoSuchAlgorithmException, UnsupportedEncodingException {
      Key key;
      SecureRandom rand = new SecureRandom();
      KeyGenerator generator = KeyGenerator.getInstance("AES");
      generator.init(rand);
      generator.init(256);
      key = generator.generateKey();
      String key1 = key.toString();
      byte[] genratesessionKey1 = key1.getBytes();
      System.out.println("SESSION KEY IS(Byte format)   " 
                             +  genratesessionKey1.toString());

      String test2="yadav";
      byte[] g2 = test2.getBytes("UTF-8");
      byte[] g3 = test2.getBytes();              
      System.out.println("Session key in String   " + key1);
      System.out.println("Testing Byte Format   " + g2);
      System.out.println("Testing Byte Format 2   " + g3);

      System.out.println("Session key in String   "
                                     + Arrays.toString(genratesessionKey1));

   } // main(String[])

    The output would be 

    SESSION KEY IS(Byte format)   [B@1c53fd30
Session key in String   javax.crypto.spec.SecretKeySpec@fffe8e54
Testing Byte Format   [B@50cbc42f
Testing Byte Format 2   [B@75412c2f

    This just shows arrays inheriting Object.toString() in the sense of showing the (useless) address as hash value. Hence, toString() lets all arrays look alike no matter what length or content.
    Probably, Mudit wants to see the array's content. Adding

    System.out.println("Session key in String   "
                                     + Arrays.toString(genratesessionKey1));

    yields

    Session key in String   [106, 97, 118, 97, 120, 46, 99, 114, 121, ....

    Rationale: Downward compatibility forbade to enhance the (useless to repeat me) method toString() of all Arrays. Hence, what Mudit and many others expect was put as static methods in the helper class java.util.Arrays since Java5.