
Validating Hash Codes Programmatically
• At this point you have seen how to generate a unique hash code for a specific block of message data.
• Assume that Alice has sent the hash code and message data to Bob.
• Bob now wants to programmatically check that the message data has not been altered during transport.
• How?
• When you wish to check the integrity of a message, the receiver must know the following:
    • The original message data.
    • The hash code value generated from the message data.
    • The hash algorithm used to generate the hash code.
• Once this information has been obtained, validating a hash code can be as simple as comparing the values.
    • String values can be compared using little more than the equality operator.
    • Byte arrays can be compared by evaluating each index.
Understanding Keyed Hashing Algorithms
• The hash algorithms we have examined are not bulletproof:
    • Eve could intercept the hash code and message data, replace both, and fool the receiver (Bob).
• How can we provide a level of authentication to the hash code?
• To provide authentication to a hash code, you can specify a 'secret key' when hashing your message data:
    • Thus, Bob and Alice must agree on the key itself.
    • Eve must never have access to the key.
• The end result is that the message is even more secure, given that the hash code can only be generated and validated by those who know the key.
• .NET provides a number of keyed hash code algorithms:
    • HMAC Types: The System.Security.Cryptography.HMAC type is an abstract base type for a number of derived types.
    • MACTripleDES: A legacy algorithm in the financial sector that is slowly being overtaken by HMAC-derived types. This algorithm makes use of Triple-DES encryption.
• Like the non-keyed hash algorithms, keyed hash algorithms can be created using a string moniker.
    • The fully qualified name or type name can be passed into the KeyedHashAlgorithm.Create() method.
    • You can also create an instance of the class type in code.
• The KeyedHashAlgorithm base class defines a property named Key which allows you to set and obtain the key.
    • The key itself is represented as a byte array.
• If you do not specify an initial key value, the KeyedHashAlgorithm derived types generate a key value automatically.
• Of course, you will need to save the key value so the receiver (Bob) can validate the hash at a later time.
// C# code (VB code would be similar)
using System;
using System.Security.Cryptography;
using System.Text;

class Program
{
    static void Main(string[] args)
    {
        // Create a keyed hash algorithm type.
        KeyedHashAlgorithm keyedAlg =
            KeyedHashAlgorithm.Create("HMACSHA1");
        // Print out the autogenerated key. The key is random binary data,
        // so show it as Base64 rather than decoding it as text.
        Console.WriteLine(Convert.ToBase64String(keyedAlg.Key));
        // Store this key for later use.
        byte[] secretKey = keyedAlg.Key;
        // Now hash message as usual. A fixed encoding (UTF-8) ensures the
        // receiver hashes exactly the same bytes as the sender.
        string msg = "You can't decode me without the key pal!";
        byte[] msgAsBytes = Encoding.UTF8.GetBytes(msg);
        byte[] keyedHashedMessage = keyedAlg.ComputeHash(msgAsBytes);
    }
}
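The validation step on Bob's side, as an added example that is not part of the original courseware: Bob recomputes the keyed hash with the shared key and compares every index of the two byte arrays without exiting early, so an altered message, or a message and hash code that were both replaced without the key, is rejected. HMACSHA256 is used here in place of the HMACSHA1 shown above; the class name, helper names, and sample messages are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class KeyedHashValidationDemo   // hypothetical name, not from the courseware
{
    // Sender (Alice): compute the keyed hash code of the message.
    static byte[] ComputeTag(byte[] key, string message)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
    }

    // Evaluate every index and accumulate differences instead of returning at
    // the first mismatch, so timing does not reveal how many bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Receiver (Bob): recompute the hash code with the shared key and compare.
    static bool Validate(byte[] key, string message, byte[] receivedTag)
    {
        return FixedTimeEquals(ComputeTag(key, message), receivedTag);
    }

    static void Main()
    {
        byte[] sharedKey = new byte[32];  // agreed between Alice and Bob
        byte[] otherKey = new byte[32];   // stands in for any key that is not the shared one
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(sharedKey);
            rng.GetBytes(otherKey);
        }
        string msg = "Meet at noon";      // constructed sample messages
        string altered = "Meet at nine";
        byte[] tag = ComputeTag(sharedKey, msg);

        Console.WriteLine("Untouched message accepted:        {0}", Validate(sharedKey, msg, tag));
        // Message changed in transit, original hash code left in place.
        Console.WriteLine("Altered message accepted:          {0}", Validate(sharedKey, altered, tag));
        // Message and hash code both replaced, hash computed without the shared key.
        byte[] replacedTag = ComputeTag(otherKey, altered);
        Console.WriteLine("Replaced message + hash accepted:  {0}", Validate(sharedKey, altered, replacedTag));
    }
}
```

On .NET Core 2.1 and later, CryptographicOperations.FixedTimeEquals can replace the hand-written comparison helper.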
Copyright (c) 2008. Intertech, Inc. All Rights Reserved. This information is to be used exclusively as an
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.