This is a step by step tutorial on how to generate a QR code and use salt secure hash strings in Java.
First, you need a QR code can handle the library, I decided to use Zebra Crossing ( "ZXing") library, because it is easy to use (that is the community around it). Add the following dependencies pom.xml:
<dependency> <groupId>com.google.zxing</groupId> <artifactId>core</artifactId> <version>3.4.0</version> </dependency> <dependency> <groupId>com.google.zxing</groupId> <artifactId>javase</artifactId> <version>3.4.0</version> </dependency>
The library provides a wide range of functions to generate and read the code. This use case for me is enough, I just need to generate a QR code with a simple JSON object:
public byte[] qrCodeGenerator(String id) throws IOException, WriterException, InvalidKeySpecException, NoSuchAlgorithmException { String filePath = "QRCode.png"; String charset = "UTF-8"; Map hintMap = new HashMap(); hintMap.put(EncodeHintType.ERROR_CORRECTION, ErrorCorrectionLevel.L); Map<String, String> qrCodeDataMap = Map.of( "Name", id, "Key", keyProvider.generateVerificationKey(id) // see next section for ´generateVerificationKey´ method ); String jsonString = new JSONObject(qrCodeDataMap).toString(); createQRCode(jsonString, filePath, charset, hintMap, 500, 500); BufferedImage image = ImageIO.read(new File(filePath)); ByteArrayOutputStream baos = new ByteArrayOutputStream(); ImageIO.write(image, "png", baos); byte[] imageData = baos.toByteArray(); return imageData; } private void createQRCode(String qrCodeData, String filePath, String charset, Map hintMap, int qrCodeHeight, int qrCodeWidth) throws WriterException, IOException { BitMatrix matrix = new MultiFormatWriter().encode( new String(qrCodeData.getBytes(charset), charset), BarcodeFormat.QR_CODE, qrCodeWidth, qrCodeHeight, hintMap ); MatrixToImageWriter.writeToPath( matrix, filePath.substring(filePath.lastIndexOf('.') + 1), FileSystems.getDefault().getPath(filePath) ); }
Also note that funny little thing JSONObject: using Java hash map into a JSON object. Sometimes, the way you want to build a data structure is much easier, and then serialized to JSON:
Map<String, String> qrCodeDataMap = Map.of( "Name", "SampleText", "Key", "SomeHashedValue" );
String jsonString = new JSONObject(qrCodeDataMap).toString();
In order to be able to use JSONObject class, you need to add the following dependency to your pom.xml:
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>20180813</version>
</dependency>
If you are looking for a more simplified interface, you may also see QRGen, which it claims can be further simplified for Java QR code generation API, and built on ZXing. However, in my case, ZXing absolutely no problem.
Hash String
Now, I need to be able to quickly secure way hashed string. For this reason, I decided to use the method recommended by OWASP for Java. To implement this method, you need to update the pom.xml:
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.12</version>
</dependency>
Here is a (somewhat simplified) Java implementation of the method:
public String generateVerificationKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException { int iterations = 10000; int keyLength = 512; char[] strChars = str.toCharArray(); byte[] saltBytes = salt.getBytes(); SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512"); PBEKeySpec spec = new PBEKeySpec(strChars, saltBytes, iterations, keyLength); SecretKey key = skf.generateSecret( spec ); byte[] hashedBytes = key.getEncoded( ); return Hex.encodeHexString(hashedBytes); }
