This topic has not yet been rated - Rate this topic

HMACSHA512 Class

Updated: May 2011

Computes a Hash-based Message Authentication Code (HMAC) using the SHA512 hash function.

Namespace:  System.Security.Cryptography
Assembly:  mscorlib (in mscorlib.dll)
[ComVisibleAttribute(true)]
public class HMACSHA512 : HMAC

The HMACSHA512 type exposes the following members.

  NameDescription
Public methodHMACSHA512()Initializes a new instance of the HMACSHA512 class with a randomly generated key.
Public methodHMACSHA512(Byte[])Initializes a new instance of the HMACSHA512 class with the specified key data.
Top
  NameDescription
Protected propertyBlockSizeValueGets or sets the block size to use in the hash value. (Inherited from HMAC.)
Public propertyCanReuseTransformGets a value indicating whether the current transform can be reused. (Inherited from HashAlgorithm.)
Public propertyCanTransformMultipleBlocksWhen overridden in a derived class, gets a value indicating whether multiple blocks can be transformed. (Inherited from HashAlgorithm.)
Public propertyHashGets the value of the computed hash code. (Inherited from HashAlgorithm.)
Public propertyHashNameGets or sets the name of the hash algorithm to use for hashing. (Inherited from HMAC.)
Public propertyHashSizeGets the size, in bits, of the computed hash code. (Inherited from HashAlgorithm.)
Public propertyInputBlockSizeWhen overridden in a derived class, gets the input block size. (Inherited from HashAlgorithm.)
Public propertyKeyGets or sets the key to use in the hash algorithm. (Inherited from HMAC.)
Public propertyOutputBlockSizeWhen overridden in a derived class, gets the output block size. (Inherited from HashAlgorithm.)
Public propertyProduceLegacyHmacValuesProvides a workaround for the .NET Framework version 2.0 implementation of the HMACSHA512 algorithm, which is inconsistent with the .NET Framework version 2.0 Service Pack 1 implementation.
Top
  NameDescription
Public methodClearReleases all resources used by the HashAlgorithm class. (Inherited from HashAlgorithm.)
Public methodComputeHash(Byte[])Computes the hash value for the specified byte array. (Inherited from HashAlgorithm.)
Public methodComputeHash(Stream)Computes the hash value for the specified Stream object. (Inherited from HashAlgorithm.)
Public methodComputeHash(Byte[], Int32, Int32)Computes the hash value for the specified region of the specified byte array. (Inherited from HashAlgorithm.)
Public methodDispose()Releases all resources used by the current instance of the HashAlgorithm class. (Inherited from HashAlgorithm.)
Protected methodDispose(Boolean)Releases the unmanaged resources used by the HMAC class when a key change is legitimate and optionally releases the managed resources. (Inherited from HMAC.)
Public methodEquals(Object)Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetHashCodeServes as a hash function for a particular type. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodHashCoreWhen overridden in a derived class, routes data written to the object into the default HMAC hash algorithm for computing the hash value. (Inherited from HMAC.)
Protected methodHashFinalWhen overridden in a derived class, finalizes the hash computation after the last data is processed by the cryptographic stream object. (Inherited from HMAC.)
Public methodInitializeInitializes an instance of the default implementation of HMAC. (Inherited from HMAC.)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Public methodTransformBlockComputes the hash value for the specified region of the input byte array and copies the specified region of the input byte array to the specified region of the output byte array. (Inherited from HashAlgorithm.)
Public methodTransformFinalBlockComputes the hash value for the specified region of the specified byte array. (Inherited from HashAlgorithm.)
Top
  NameDescription
Protected fieldHashSizeValueRepresents the size, in bits, of the computed hash code. (Inherited from HashAlgorithm.)
Protected fieldHashValueRepresents the value of the computed hash code. (Inherited from HashAlgorithm.)
Protected fieldKeyValueThe key to use in the hash algorithm. (Inherited from KeyedHashAlgorithm.)
Protected fieldStateRepresents the state of the hash computation. (Inherited from HashAlgorithm.)
Top

HMACSHA512 is a type of keyed hash algorithm that is constructed from the SHA-512 hash function and used as a Hash-based Message Authentication Code (HMAC). The HMAC process mixes a secret key with the message data and hashes the result. The hash value is mixed with the secret key again, and then hashed a second time. The output hash is 512 bits in length.

An HMAC can be used to determine whether a message sent over a nonsecure channel has been tampered with, provided that the sender and receiver share a secret key. The sender computes the hash value for the original data and sends both the original data and hash value as a single message. The receiver recalculates the hash value on the received message and checks that the computed HMAC matches the transmitted HMAC.

If the original and computed hash values match, the message is authenticated. If they do not match, either the data or the hash value has been changed. HMACs provide security against tampering because knowledge of the secret key is required to change the message and reproduce the correct hash value.

HMACSHA512 accepts keys of any size, and produces a hash sequence of length 512 bits.

.NET Framework 2.0 Considerations

In the .NET Framework version 2.0, the HMACSHA512 class produced results that were not consistent with other implementations of HMAC-SHA-512. The .NET Framework version 2.0 Service Pack 1 updates this class. However, the HMAC values it produces are inconsistent with the output of the .NET Framework 2.0 implementation of the class. To enable .NET Framework 2.0 SP1 applications to interact with .NET Framework 2.0 applications, the .NET Framework 2.0 SP1 introduces the following four changes to the HMACSHA512 class:

  • The ProduceLegacyHmacValues Boolean property supports the earlier implementation. When you set this property to true, the HMACSHA512 object produces values that match the values produced by the .NET Framework 2.0.

  • In some applications, it may be expensive or difficult to change the code. For these situations, .NET Framework 2.0 SP1 provides a configuration switch, legacyHMACMode, for the application’s .config file. This switch causes all HMAC objects created in the application to use the .NET Framework 2.0 calculation.

    <configuration>
        <runtime>
        <legacyHMACMode enabled="1" />
        </runtime>
    </configuration>
    
  • To help debug any issues that arise when upgrading to the .NET Framework 2.0 SP1, the first time an instance of the HMACSHA512 class is created, a warning about the implementation changes is sent to the event log and to any attached debugger. If you set the legacyHMACMode configuration switch to use the .NET Framework 2.0 calculation, this message is not generated.

  • The .NET Framework 2.0 SP1 also introduces a second configuration switch, legacyHMACWarning, that lets you manually suppress the warning message for your application.

    <configuration>
        <runtime>
           <legacyHMACWarning enabled="0" />
        </runtime>
    </configuration>
    

Note that these four changes affect only the HMACSHA384 and HMACSHA512 classes, and not the SHA256Managed class.

The following example shows how to sign a file by using the HMACSHA512 object and then how to verify the file.


using System;
using System.IO;
using System.Security.Cryptography;

public class HMACSHA512example
{

    public static void Main(string[] Fileargs)
    {
        string dataFile;
        string signedFile;
        //If no file names are specified, create them.
        if (Fileargs.Length < 2)
        {
            dataFile = @"text.txt";
            signedFile = "signedFile.enc";

            if (!File.Exists(dataFile))
            {
                // Create a file to write to.
                using (StreamWriter sw = File.CreateText(dataFile))
                {
                    sw.WriteLine("Here is a message to sign");
                }
            }

        }
        else
        {
            dataFile = Fileargs[0];
            signedFile = Fileargs[1];
        }
        try
        {
            // Create a random key using a random number generator. This would be the
            //  secret key shared by sender and receiver.
            byte[] secretkey = new Byte[64];
            //RNGCryptoServiceProvider is an implementation of a random number generator.
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
            {
                // The array is now filled with cryptographically strong random bytes.
                rng.GetBytes(secretkey);

                // Use the secret key to sign the message file.
                SignFile(secretkey, dataFile, signedFile);

                // Verify the signed file
                VerifyFile(secretkey, signedFile);
            }
        }
        catch (IOException e)
        {
            Console.WriteLine("Error: File not found", e);
        }

    }  //end main
    // Computes a keyed hash for a source file and creates a target file with the keyed hash
    // prepended to the contents of the source file. 
    public static void SignFile(byte[] key, String sourceFile, String destFile)
    {
        // Initialize the keyed hash object.
        using (HMACSHA512 hmac = new HMACSHA512(key))
        {
            using (FileStream inStream = new FileStream(sourceFile, FileMode.Open))
            {
                using (FileStream outStream = new FileStream(destFile, FileMode.Create))
                {
                    // Compute the hash of the input file.
                    byte[] hashValue = hmac.ComputeHash(inStream);
                    // Reset inStream to the beginning of the file.
                    inStream.Position = 0;
                    // Write the computed hash value to the output file.
                    outStream.Write(hashValue, 0, hashValue.Length);
                    // Copy the contents of the sourceFile to the destFile.
                    int bytesRead;
                    // read 1K at a time
                    byte[] buffer = new byte[1024];
                    do
                    {
                        // Read from the wrapping CryptoStream.
                        bytesRead = inStream.Read(buffer, 0, 1024);
                        outStream.Write(buffer, 0, bytesRead);
                    } while (bytesRead > 0);
                }
            }
        }
        return;
    } // end SignFile


    // Compares the key in the source file with a new key created for the data portion of the file. If the keys 
    // compare the data has not been tampered with.
    public static bool VerifyFile(byte[] key, String sourceFile)
    {
        bool err = false;
        // Initialize the keyed hash object. 
        using (HMACSHA512 hmac = new HMACSHA512(key))
        {
            // Create an array to hold the keyed hash value read from the file.
            byte[] storedHash = new byte[hmac.HashSize / 8];
            // Create a FileStream for the source file.
            using (FileStream inStream = new FileStream(sourceFile, FileMode.Open))
            {
                // Read in the storedHash.
                inStream.Read(storedHash, 0, storedHash.Length);
                // Compute the hash of the remaining contents of the file.
                // The stream is properly positioned at the beginning of the content, 
                // immediately after the stored hash value.
                byte[] computedHash = hmac.ComputeHash(inStream);
                // compare the computed hash with the stored value

                for (int i = 0; i < storedHash.Length; i++)
                {
                    if (computedHash[i] != storedHash[i])
                    {
                        err = true;
                    }
                }
            }
        }
        if (err)
        {
            Console.WriteLine("Hash values differ! Signed file has been tampered with!");
            return false;
        }
        else
        {
            Console.WriteLine("Hash values agree -- no tampering occurred.");
            return true;
        }

    } //end VerifyFile

} //end class


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Date

History

Reason

May 2011

Updated the code example.

Information enhancement.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.