14.5 Ensure Data Integrity Using a Keyed Hash Code


Problem

You need to transmit a file to somebody and provide the recipient with a means to verify the integrity of the file and its source.

Solution

Share a secret key with the intended recipient. This key would ideally be a randomly generated number, but it could also be a phrase that you and the recipient agree to use. Use the key with one of the keyed hashing algorithm classes derived from the System.Security.Cryptography.KeyedHashAlgorithm class to create a keyed hash code. Send the hash code with the file. On receipt of the file, the recipient will generate the keyed hash code of the file using the shared secret key. If the hash codes are equal, the recipient knows that the file is from you and that it hasn't changed in transit.

Discussion

Hash codes are useful for comparing two pieces of data to determine if they are the same, even if you no longer have access to the original data. However, you can't use a hash code to reassure the recipient of data as to the data's integrity. If somebody could intercept the data, they could replace the data and generate a new hash code. When the recipient verifies the hash code, it will seem correct, when in fact the data is nothing like what you sent to them originally.

A simple and efficient solution to the problem of data integrity is a keyed hash code . A keyed hash code is similar to a normal hash code (discussed in recipes 14.2 and 14.3); however, the keyed hash code incorporates an element of secret data ”a key ”known only to the sender and the receiver. Without the key, a person can't generate the correct hash code from a given set of data. When you successfully verify a keyed hash code, you can be certain that only somebody who knows the secret key could generate the hash code.

Important  

The secret key must remain secret. Anybody who knows the secret key can generate valid keyed hash codes, meaning that you would be unable to determine if they had changed the content of a document. For this reason, you shouldn't transmit or store the secret key with the document whose integrity you are trying to protect. Recipe 14.10 provides one mechanism you can use to exchange secret keys securely.

Generating keyed hash codes is similar to generating normal hash codes; the abstract class System.Security.Cryptography.KeyedHashAlgorithm extends the class System.Security.Cryptography.HashAlgorithm . KeyedHashAlgorithm provides a base class from which all concrete keyed hashing algorithm implementations must derive. The .NET Framework class library includes the two keyed hashing algorithm implementations listed in Table 14.2; each implementation is a member of the namespace System.Security.Cryptography .

Table 14.2: Keyed Hashing Algorithm Implementations

Algorithm/Class Name

Key Size (in Bits)

Hash Code Size (in Bits)

HMACSHA1

Any

160

MACTripleDES

64, 128, 192

64

As with the standard hashing algorithms, you can either create keyed hashing algorithm objects directly, or you can use the static factory method KeyedHashAlgorithm.Create and pass the algorithm name as an argument. Using the factory approach allows you to write generic code that can work with any keyed hashing algorithm implementation, but as shown in Table 14.2, each class supports different key lengths that you must cater for in generic code.

If you use constructors to instantiate a keyed hashing object, you can pass the secret key to the constructor. Using the factory approach, you must set the key using the Key property inherited from the KeyedHashAlgorithm class. Once configured with a key, call the ComputeHash method and pass either a byte array or a System.IO.Stream object. The keyed hashing algorithm will process the input data and return a byte array containing the keyed hash code. Table 14. 2 shows the size of hash code generated by each keyed hashing algorithm.

The KeyedHashStreamExample class listed here demonstrates the generation of a keyed hash code from a file. You must specify the name of the input file and a key as command-line arguments. The application uses the HMACSHA1 class to generate the keyed hash code and then displays it to the console.

 using System; using System.IO; using System.Text; using System.Security.Cryptography; public class KeyedHashStreamExample {     public static void Main(string[] args) {         // Create a byte array from the key string, which is the          // second command line argument.         byte[] key = Encoding.Unicode.GetBytes(args[1]);                  // Create a HMACSHA1 object to generate the keyed hash code for          // the input file. Pass the byte array representing the key to          // the constructor.         using (HMACSHA1 hashAlg = new HMACSHA1(key)) {             // Open a FileStream to read the input file; the file name is              // specified by the first command line argument.             using (Stream file = new FileStream(args[0], FileMode.Open)) {                      // Generate the keyed hash code of the file's contents.                 byte[] hash = hashAlg.ComputeHash(file);                      // Display the keyed hash code to the console.                 Console.WriteLine(BitConverter.ToString(hash));             }         }     } } 

Executing the command KeyedHashStreamExample KeyedHashStreamExample.cs secretKey will display the following hash code to the console:

 95-95-2A-8E-44-D4-3C-55-6F-DA-06-44-27-79-29-81-15-C7-2A-48 

The sample code for this chapter also contains an application named KeyedHashMessageExample.cs, which demonstrates the generation of a keyed hash code from a string . This application expects two command-line arguments: a message and a key. The KeyedHashMessageExample application generates the keyed hash code of the message string using the specified key. For example, entering the command KeyedHashMessageExample "Two hundred dollars is my final offer" secretKey will generate the following hash code:

 83-43-0D-9D-07-6F-AA-B7-BC-79-CD-6F-AD-7B-FA-EA-19-D1-24-44 



C# Programmer[ap]s Cookbook
C# Programmer[ap]s Cookbook
ISBN: 735619301
EAN: N/A
Year: 2006
Pages: 266

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net