getByte() is returning same byte[ ] for different Strings

Question

I am generating a Session key, that changes every time i run the program. But when i am converting it into BYTE ARRAY then Byte Array generated is same every time i run the program . IT should be different right? Here is my code

Key key;
SecureRandom rand = new SecureRandom();
KeyGenerator generator = KeyGenerator.getInstance("AES");
generator.init(rand);
generator.init(256);
key = generator.generateKey();
String key1=key.toString();
byte[] genratesessionKey1 = key1.getBytes();
System.out.println("SESSION KEY IS(Byte format)   "+genratesessionKey1.toString());

Then i also used one dummy string. and then i generated its Byte[]. Then i changed the value in that string and generated its Byte[] Again. Still it returns the same result.

String test2="yadav";
String key1=key.toString();
byte[] genratesessionKey1 = key1.getBytes();
byte[] g2=test.getBytes("UTF-8");
byte[] g3=test.getBytes();              
System.out.println("Session key in String   "+key1);
System.out.println("Testing Byte Format   "+g2);
System.out.println("Testing Byte Format 2   "+g3);

Why Its happening.Any Suggestions will be appreciated

First Execution

Second Execution

Answer 1

First of all the code won't compile nor run. What will (omitting imports and class) is

   public static void main(String[] args) 
           throws NoSuchAlgorithmException, UnsupportedEncodingException {
      Key key;
      SecureRandom rand = new SecureRandom();
      KeyGenerator generator = KeyGenerator.getInstance("AES");
      generator.init(rand);
      generator.init(256);
      key = generator.generateKey();
      String key1 = key.toString();
      byte[] genratesessionKey1 = key1.getBytes();
      System.out.println("SESSION KEY IS(Byte format)   " 
                             +  genratesessionKey1.toString());

      String test2="yadav";
      byte[] g2 = test2.getBytes("UTF-8");
      byte[] g3 = test2.getBytes();              
      System.out.println("Session key in String   " + key1);
      System.out.println("Testing Byte Format   " + g2);
      System.out.println("Testing Byte Format 2   " + g3);

      System.out.println("Session key in String   "
                                     + Arrays.toString(genratesessionKey1));

   } // main(String[])

The output would be

SESSION KEY IS(Byte format)   [B@1c53fd30
Session key in String   javax.crypto.spec.SecretKeySpec@fffe8e54
Testing Byte Format   [B@50cbc42f
Testing Byte Format 2   [B@75412c2f

This just shows arrays inheriting Object.toString() in the sense of showing the (useless) address as hash value. Hence, toString() lets all arrays look alike no matter what length or content.
Probably, Mudit wants to see the array's content. Adding

System.out.println("Session key in String   "
                                     + Arrays.toString(genratesessionKey1));

yields

Session key in String   [106, 97, 118, 97, 120, 46, 99, 114, 121, ....

Rationale: Downward compatibility forbade to enhance the (useless to repeat me) method toString() of all Arrays. Hence, what Mudit and many others expect was put as static methods in the helper class java.util.Arrays since Java5.

Answer 2

I would use DatatypeConverter I've used it with my Security project and it worked like a charm...

Answer 3

You can't rely on calling toString() on a byte array to inspect its contents. The returned value doesn't tell you what the bytes are.

If you really want to check the contents of a byte array and see whether it changes or not, use Arrays.toString(byteArray) instead. And then you should be able to verify that the byte array does indeed change.