HMACSHA1 Class (System.Security.Cryptography)

Switch View

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2005/.NET Framework 2.0

Other versions are also available for the following:

.NET Framework Class Library

HMACSHA1 Class

Computes a Hash-based Message Authentication Code (HMAC) using the SHA1 hash function.

Namespace: System.Security.Cryptography
Assembly: mscorlib (in mscorlib.dll)

Syntax

Visual Basic (Declaration)

<ComVisibleAttribute(True)> _
Public Class HMACSHA1
    Inherits HMAC

Visual Basic (Usage)

Dim instance As HMACSHA1

[ComVisibleAttribute(true)] 
public class HMACSHA1 : HMAC

C++

[ComVisibleAttribute(true)] 
public ref class HMACSHA1 : public HMAC

/** @attribute ComVisibleAttribute(true) */ 
public class HMACSHA1 extends HMAC

JScript

ComVisibleAttribute(true) 
public class HMACSHA1 extends HMAC

Remarks

HMACSHA1 is a type of keyed hash algorithm that is constructed from the SHA1 hash function and used as an HMAC, or hash-based message authentication code. The HMAC process mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, then applies the hash function a second time. The output hash is 160 bits in length.

An HMAC can be used to determine whether a message sent over an insecure channel has been tampered with, provided that the sender and receiver share a secret key. The sender computes the hash value for the original data and sends both the original data and hash value as a single message. The receiver recalculates the hash value on the received message and checks that the computed HMAC matches the transmitted HMAC.

Any change to the data or the hash value will result in a mismatch, because knowledge of the secret key is required to change the message and reproduce the correct hash value. Therefore, if the original and computed hash values match, the message is authenticated.

The SHA-1 (Secure Hash Algorithm, also called SHS, Secure Hash Standard) is a cryptographic hash algorithm published by the United States Government. It produces a 160-bit hash value from an arbitrary length string.

HMACSHA1 accepts keys of any size, and produces a hash sequence of length 160 bits.

Example

The following code example shows how to encode a file using HMACSHA1 and then how to decode the file.

using System;
using System.IO;
using System.Security.Cryptography;

public class HMACSHA1example
{
    // Computes a keyed hash for a source file, creates a target file with the keyed hash
    // prepended to the contents of the source file, then decrypts the file and compares
    // the source and the decrypted files.
    public static void EncodeFile(byte[] key, String sourceFile, String destFile)
    {
        // Initialize the keyed hash object.
        HMACSHA1 myhmacsha1 = new HMACSHA1(key);
        FileStream inStream = new FileStream(sourceFile, FileMode.Open);
        FileStream outStream = new FileStream(destFile, FileMode.Create);
        // Compute the hash of the input file.
        byte[] hashValue = myhmacsha1.ComputeHash(inStream);
        // Reset inStream to the beginning of the file.
        inStream.Position = 0;
        // Write the computed hash value to the output file.
        outStream.Write(hashValue, 0, hashValue.Length);
        // Copy the contents of the sourceFile to the destFile.
        int bytesRead;
        // read 1K at a time
        byte[] buffer = new byte[1024]; 
        do
        {
            // Read from the wrapping CryptoStream.
            bytesRead = inStream.Read(buffer,0,1024); 
            outStream.Write(buffer, 0, bytesRead);
        } while (bytesRead > 0); 
        myhmacsha1.Clear();
        // Close the streams
        inStream.Close();
        outStream.Close();
        return;
    } // end EncodeFile


    // Decrypt the encoded file and compare to original file.
    public static bool DecodeFile(byte[] key, String sourceFile)
    {
        // Initialize the keyed hash object. 
        HMACSHA1 hmacsha1 = new HMACSHA1(key);
        // Create an array to hold the keyed hash value read from the file.
        byte[] storedHash = new byte[hmacsha1.HashSize/8];
        // Create a FileStream for the source file.
        FileStream inStream = new FileStream(sourceFile, FileMode.Open);
        // Read in the storedHash.
        inStream.Read(storedHash, 0, storedHash.Length);
        // Compute the hash of the remaining contents of the file.
        // The stream is properly positioned at the beginning of the content, 
        // immediately after the stored hash value.
        byte[] computedHash = hmacsha1.ComputeHash(inStream);
        // compare the computed hash with the stored value
        for (int i =0; i < storedHash.Length; i++)
        {
            if (computedHash[i] != storedHash[i])
            {
                Console.WriteLine("Hash values differ! Encoded file has been tampered with!");
                return false;
            }
        }
        Console.WriteLine("Hash values agree -- no tampering occurred.");
        return true;
    } //end DecodeFile

    private const string usageText = "Usage: HMACSHA1 inputfile.txt encryptedfile.hsh\nYou must specify the two file names. Only the first file must exist.\n";
    public static void Main(string[] Fileargs)
    {
        //If no file names are specified, write usage text.
        if (Fileargs.Length < 2)
        {
            Console.WriteLine(usageText);
        }
        else
        {
            try
            {
                // Create a random key using a random number generator. This would be the
                //  secret key shared by sender and receiver.
                byte[] secretkey = new Byte[64];
                //RNGCryptoServiceProvider is an implementation of a random number generator.
                RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
                // The array is now filled with cryptographically strong random bytes.
                rng.GetBytes(secretkey); 

                // Use the secret key to encode the message file.
                EncodeFile(secretkey, Fileargs[0], Fileargs[1]);

                // Take the encoded file and decode
                DecodeFile(secretkey, Fileargs[1]);
            }
            catch (IOException e)
            {
                Console.WriteLine("Error: File not found",e);
            }
        } //end if-else

    }  //end main
} //end class

C++

using namespace System;
using namespace System::IO;
using namespace System::Security::Cryptography;

// Computes a keyed hash for a source file, creates a target file with the keyed hash
// prepended to the contents of the source file, then decrypts the file and compares
// the source and the decrypted files.
void EncodeFile( array<Byte>^key, String^ sourceFile, String^ destFile )
{
   
   // Initialize the keyed hash object.
   HMACSHA1^ myhmacsha1 = gcnew HMACSHA1( key );
   FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open );
   FileStream^ outStream = gcnew FileStream( destFile,FileMode::Create );
   
   // Compute the hash of the input file.
   array<Byte>^hashValue = myhmacsha1->ComputeHash( inStream );
   
   // Reset inStream to the beginning of the file.
   inStream->Position = 0;
   
   // Write the computed hash value to the output file.
   outStream->Write( hashValue, 0, hashValue->Length );
   
   // Copy the contents of the sourceFile to the destFile.
   int bytesRead;
   
   // read 1K at a time
   array<Byte>^buffer = gcnew array<Byte>(1024);
   do
   {
      
      // Read from the wrapping CryptoStream.
      bytesRead = inStream->Read( buffer, 0, 1024 );
      outStream->Write( buffer, 0, bytesRead );
   }
   while ( bytesRead > 0 );

   myhmacsha1->Clear();
   
   // Close the streams
   inStream->Close();
   outStream->Close();
   return;
} // end EncodeFile



// Decrypt the encoded file and compare to original file.
bool DecodeFile( array<Byte>^key, String^ sourceFile )
{
   
   // Initialize the keyed hash object. 
   HMACSHA1^ hmacsha1 = gcnew HMACSHA1( key );
   
   // Create an array to hold the keyed hash value read from the file.
   array<Byte>^storedHash = gcnew array<Byte>(hmacsha1->HashSize / 8);
   
   // Create a FileStream for the source file.
   FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open );
   
   // Read in the storedHash.
   inStream->Read( storedHash, 0, storedHash->Length );
   
   // Compute the hash of the remaining contents of the file.
   // The stream is properly positioned at the beginning of the content, 
   // immediately after the stored hash value.
   array<Byte>^computedHash = hmacsha1->ComputeHash( inStream );
   
   // compare the computed hash with the stored value
   for ( int i = 0; i < storedHash->Length; i++ )
   {
      if ( computedHash[ i ] != storedHash[ i ] )
      {
         Console::WriteLine( "Hash values differ! Encoded file has been tampered with!" );
         return false;
      }

   }
   Console::WriteLine( "Hash values agree -- no tampering occurred." );
   return true;
} //end DecodeFile


int main()
{
   array<String^>^Fileargs = Environment::GetCommandLineArgs();
   String^ usageText = "Usage: HMACSHA1 inputfile.txt encryptedfile.hsh\nYou must specify the two file names. Only the first file must exist.\n";
   
   //If no file names are specified, write usage text.
   if ( Fileargs->Length < 3 )
   {
      Console::WriteLine( usageText );
   }
   else
   {
      try
      {
         
         // Create a random key using a random number generator. This would be the
         //  secret key shared by sender and receiver.
         array<Byte>^secretkey = gcnew array<Byte>(64);
         
         //RNGCryptoServiceProvider is an implementation of a random number generator.
         RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
         
         // The array is now filled with cryptographically strong random bytes.
         rng->GetBytes( secretkey );
         
         // Use the secret key to encode the message file.
         EncodeFile( secretkey, Fileargs[ 1 ], Fileargs[ 2 ] );
         
         // Take the encoded file and decode
         DecodeFile( secretkey, Fileargs[ 2 ] );
      }
      catch ( IOException^ e ) 
      {
         Console::WriteLine( "Error: File not found", e );
      }

   }
} //end main

import System.*;
import System.IO.*;
import System.Security.Cryptography.*;

public class HMACSHA1Example
{
    // Computes a keyed hash for a source file, creates a target file with the
    // keyed hash prepended to the contents of the source file, then decrypts 
    // the file and compares the source and the decrypted files.
    public static void EncodeFile(ubyte key[], String sourceFile, 
        String destFile)
    {
        // Initialize the keyed hash object.
        HMACSHA1 myhmacsha1 = new HMACSHA1(key);
        FileStream inStream = new FileStream(sourceFile, FileMode.Open);
        FileStream outStream = new FileStream(destFile, FileMode.Create);

        // Compute the hash of the input file.
        ubyte hashValue[] = myhmacsha1.ComputeHash(inStream);

        // Reset inStream to the beginning of the file.
        inStream.set_Position(0);

        // Write the computed hash value to the output file.
        outStream.Write(hashValue, 0, hashValue.length);

        // Copy the contents of the sourceFile to the destFile.
        int bytesRead;

        // read 1K at a time
        ubyte buffer[] = new ubyte[1024];
        do {
            // Read from the wrapping CryptoStream.
            bytesRead = inStream.Read(buffer, 0, 1024);
            outStream.Write(buffer, 0, bytesRead);
        } while (bytesRead > 0);
        myhmacsha1.Clear();

        // Close the streams
        inStream.Close();
        outStream.Close();
        return;
    } // end EncodeFile
    
    // Decrypt the encoded file and compare to original file.
    public static boolean DecodeFile(ubyte key[], String sourceFile)
    {
        // Initialize the keyed hash object. 
        HMACSHA1 hmacsha1 = new HMACSHA1(key);

        // Create an array to hold the keyed hash value read from the file.
        ubyte storedHash[] = new ubyte[hmacsha1.get_HashSize() / 8];

        // Create a FileStream for the source file.
        FileStream inStream = new FileStream(sourceFile, FileMode.Open);

        // Read in the storedHash.
        inStream.Read(storedHash, 0, storedHash.length);

        // Compute the hash of the remaining contents of the file.
        // The stream is properly positioned at the beginning of the content, 
        // immediately after the stored hash value.
        ubyte computedHash[] = hmacsha1.ComputeHash(inStream);

        // compare the computed hash with the stored value
        for (int i = 0; i < storedHash.length; i++) {
            if (computedHash.get_Item(i) != storedHash.get_Item(i)) {
                Console.WriteLine("Hash values differ! Encoded file has been " 
                    + " tampered with!");
                return false;
            }
        }
        Console.WriteLine("Hash values agree -- no tampering occurred.");
        return true;
    } //DecodeFile //end DecodeFile


    private static String usageText = "Usage: HMACSHA1 inputfile.txt " 
        + "encryptedfile.hsh\nYou must specify the two file names. Only " 
        + "the first file must exist.\n";


    public static void main(String[] fileargs)
    {
        //If no file names are specified, write usage text.
        if (fileargs.length < 2) {
            Console.WriteLine(usageText);
        }
        else {
            try {
                // Create a random key using a random number generator. This
                // would be the secret key shared by sender and receiver.
                ubyte secretKey[] = new ubyte[64];

                // RNGCryptoServiceProvider is an implementation of a random
                // number generator.
                RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

                // The array is now filled with cryptographically strong
                // random bytes.
                rng.GetBytes(secretKey);

                // Use the secret key to encode the message file.
                EncodeFile(secretKey, fileargs[0], fileargs[1]);

                // Take the encoded file and decode
                DecodeFile(secretKey, fileargs[1]);
            }
            catch (IOException e) {
                Console.WriteLine("Error: File not found", e);
            }
        }//end if-else
    } //end main
} //end class HMACSHA1Example

Inheritance Hierarchy

System.Object
   System.Security.Cryptography.HashAlgorithm
     System.Security.Cryptography.KeyedHashAlgorithm
       System.Security.Cryptography.HMAC
        System.Security.Cryptography.HMACSHA1

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

Version Information

.NET Framework

Supported in: 2.0, 1.1, 1.0

Reference

HMACSHA1 Members
System.Security.Cryptography Namespace

Other Resources

Cryptographic Services