1. Overview

As we know, ensuring data integrity and security is vital in software engineering. An easy way to achieve this is by using cryptographic hash functions, such as Secure Hash Algorithm 1 (SHA-1), which is widely used for checksum and data integrity verification.

In this tutorial, we’ll explore how to generate a hexadecimal (hex) representation of the SHA-1 hash of a string in Java using three methods.

2. Example Setup

In this tutorial, we’ll generate the hex representation of the SHA-1 digest of an example input and compare it to an expected hex output:

String input = "Hello, World";
String expectedHexValue= "907d14fb3af2b0d4f18c2d46abe8aedce17367bd";

3. Using MessageDigest

MessageDigest is a built-in Java class. It’s part of the java.security package and provides an easy way to generate the SHA-1 digest of a string.

Here’s some example code that uses MessageDigest to generate the hex representation of SHA-1 digest:

void givenMessageDigest_whenUpdatingWithData_thenDigestShouldMatchExpectedValue() throws NoSuchAlgorithmException {
    MessageDigest md = MessageDigest.getInstance("SHA-1");
    byte[] digest = md.digest();
    StringBuilder hexString = new StringBuilder();
    for (byte b : digest) {
        hexString.append(String.format("%02x", b));

    assertEquals(expectedHexValue, hexString.toString());

First, we create a new instance of MessageDigest and initialize it with the SHA-1 algorithm. Then, we invoke the update() method on MessageDigest with the input and convert the input to byte. Next, we create a new variable digest of byte[] type. This variable holds the cryptographic hash of the data added to the MessageDigest object.

Furthermore, we loop through the bytes in the digest array and append each byte to hexString. The String.format() method helps to format the byte values as a hexadecimal string.

Finally, we assert that the input is equal to the expected hex value.

4. Using Apache Commons Codec

The Apache Commons Codec library provides a class called DigestUtils that simplifies the process of generating the hex representation of a SHA-1 digest.

To use this library, we need to add its dependency to the pom.xml:


Next, let’s see how to use the DigestUtils class:

void givenDigestUtils_whenCalculatingSHA1Hex_thenDigestShouldMatchExpectedValue() {
    assertEquals(expectedHexValue, DigestUtils.sha1Hex(input));

Here, we invoke the sha1Hex() method on the DigestUtils class. The method helps to calculate the SHA-1 hash of a string and returns the result as hexadecimal. Also, we check if the input is equal to the expected hex value.

5. Using Google Guava

Guava is a library developed by Google. It offers a hashing class that can be used to generate the hex representation of a SHA-1 digest.

To make use of this library, we need to add its dependency to the pom.xml:


Let’s see how to use the Guava library:

void givenHashingLibrary_whenCalculatingSHA1Hash_thenDigestShouldMatchExpectedValue() {
    assertEquals(expectedHexValue, Hashing.sha1().hashString(input, StandardCharsets.UTF_8).toString());

In the sample code above, we invoke the sha1() method on the Hashing class to compute the SHA-1 hash using the UTF-8 character encoding. Then, we assert that the output is equal to the expected result.

6. Conclusion

In this article, we learned three different ways to generate the hex representation of a SHA-1 digest of a string in Java. The built-in MessageDigest class doesn’t require additional dependencies. Additionally, the Apache Commons Codec library and the Guava library are more convenient to use.

As always, the complete source code for the examples is available over on GitHub.

Course – LSS (cat=Security/Spring Security)

I just announced the new Learn Spring Security course, including the full material focused on the new OAuth2 stack in Spring Security:

res – Security (video) (cat=Security/Spring Security)
Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.