ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Geuer-Pollmann <>
Subject Cryptographic Hash function from ant
Date Wed, 10 Apr 2002 10:46:03 GMT
Hi all,

I don't know whether this is the right place, but I wanted to ask whether 
it's interesting to include an additional ant task for cryptographic 
message digests:

In the Apache xml-security project, I had the problem that I have to 
download a JAR containing a cryptographic software from a 3rd party site 
because of US export regulations. To make sure that my users get the right 
JAR (that it has not been modified in any way), I wanted to include 
cryptographic message digests into the build.

This is done using the both classes and from [1]. 
HexDump allows for converting hex strings into byte[]s and vice versa, 
Md5Task allows to create MD5 and SHA1 digests. The usage is quiete simple. 
I added a taskdef for my new target

<taskdef name="md5" classname="ant.Md5Task"/>

and then I tell which Md5 or SHA1 hash value a given file must have:

<target name="check-bc"
        description="This target checks that the digest
                     values of the JCE library are valid">

      <!-- -->
<md5 Md5="eeb940217876bcd83a55d799ee5db7ca"
     file="${lib.jce}" />

If the check fails (if the integrity of the file is corrupted by a 
transport problem, a version problem or an attacker), the build is aborted:

      [md5] Warning!!!
      [md5] The SHA1 hash value of ./libs/bc-jce-jdk13-112.jar is corrupted:
      [md5]    was           4A CC 52 C2 4A 41 79 A6 63 07 FB E4 3C EB E1 
39 0D 96 C2 B8
      [md5]    but should be 10 6E 97 A5 AD 7A 57 AA 2C BC 48 07 4D B8 02 
25 D3 C0 97 2A
      [md5] The MD5 hash value of ./libs/bc-jce-jdk13-112.jar is corrupted:
      [md5]    was           85 02 FC AF 26 1D 2C E9 87 E5 FF ED 2F 81 34 CB
      [md5]    but should be EE B9 40 21 78 76 BC D8 3A 55 D7 99 EE 5D B7 CA


Otherwise, it'll simply pass:

      [md5] The hash values of ./libs/bc-jce-jdk13-112.jar are OK


BTW, it could be a nice feature to deploy signed build.xml files so that it 
can be verified whether the build.xml is OK, too.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message