MACs, hashes, and signatures (Windows Runtime apps)

Applies to Windows and Windows Phone

This topic discusses how message authentication codes (MACs), hashes, and signatures can be used to detect message tampering.

Message authentication codes

Encryption helps prevent an unauthorized individual from reading a message, but it does not prevent that individual from tampering with the message. An altered message, even if the alteration results in nothing but nonsense, can have real costs. A message authentication code (MAC) helps prevent message tampering. For example, consider the following scenario:

  • Bob and Alice share a secret key and agree on a MAC function to use.
  • Bob creates a message and inputs the message and the secret key into a MAC function to retrieve a MAC value.
  • Bob sends the [unencrypted] message and the MAC value to Alice over a network.
  • Alice uses the secret key and the message as input to the MAC function. She compares the generated MAC value to the MAC value sent by Bob. If they are the same, the message was not changed in transit.

Note that Eve, a third party eavesdropping on the conversation between Bob and Alice, cannot effectively manipulate the message. Eve does not have access to the private key and cannot, therefore, create a MAC value which would make the tampered message appear legitimate to Alice.

Creating a message authentication code ensures only that the original message was not altered and, by using a shared secret key, that the message hash was signed by someone with access to that private key.

You can use the MacAlgorithmProvider to enumerate the available MAC algorithms and generate a symmetric key. You can use static methods on the CryptographicEngine class to perform the necessary encryption that creates the MAC value.

Digital signatures are the public key equivalent of private key message authentication codes (MACs). Although MACs use private keys to enable a message recipient to verify that a message has not been altered during transmission, signatures use a private/public key pair.

Hashes

A cryptographic hash function takes an arbitrarily long block of data and returns a fixed-size bit string. Hash functions are typically used when signing data. Because most public key signature operations are computationally intensive, it is typically more efficient to sign (encrypt) a message hash than it is to sign the original message. The following procedure represents a common, albeit simplified, scenario:

  • Alice creates a key pair, keeps her private key secret and publishes her public key by using a trusted certification authority.
  • Alice creates a message, hashes it, signs the hash by using her private key, and sends the (unencrypted) message and the signature to Bob.
  • Bob retrieves Alice's public key and decrypts the signature to retrieve Alice's hash.
  • Bob hashes the message he received from Alice and compares the hash he computed to the decrypted hash. If the hashes are the same, Bob is fairly certain that the message from Alice has not been altered.

Note that Alice sent an unencrypted message. Only the hash was encrypted. The procedure ensures only that the original message was not altered and, by using Alice's public key, that the message hash was signed by someone with access to Alice's private key, presumably Alice.

You can use the HashAlgorithmProvider class to enumerate the available hash algorithms and create a CryptographicHash value.

Digital signatures are the public key equivalent of private key message authentication codes (MACs). Whereas MACs use private keys to enable a message recipient to verify that a message has not been altered during transmission, signatures use a private/public key pair.

Digital signatures

Digital signatures are the public key equivalent of private key message authentication codes (MACs). Whereas MACs use private keys to enable a message recipient to verify that a message has not been altered during transmission, signatures use a private/public key pair.

Because most public key signature operations are computationally intensive, however, it is typically more efficient to sign (encrypt) a message hash than it is to sign the original message. The sender creates a message hash, signs it, and sends both the signature and the (unencrypted) message. The recipient calculates a hash over the message, decrypts the signature, and compares the decrypted signature to the hash value. If they match, the recipient can be fairly certain that the message did, in fact, come from the sender and was not altered during transmission.

Signing ensures only that the original message was not altered and, by using the sender's public key, that the message hash was signed by someone with access to the private key.

You can use an AsymmetricKeyAlgorithmProvider object to enumerate the available signature algorithms and generate or import a key pair. You can use static methods on the CryptographicHash class to sign a message or verify a signature.

Related topics

Cryptography

 

 

Show:
© 2014 Microsoft