

HMACSHA1 Class

Computes a Hash-based Message Authentication Code (HMAC) using the SHA1 hash function.

Namespace: System.Security.Cryptography
Assembly: mscorlib (in mscorlib.dll)

Syntax

Visual Basic

'Declaration
<ComVisibleAttribute(True)> _
Public Class HMACSHA1
    Inherits HMAC
'Usage
Dim instance As HMACSHA1

C#

[ComVisibleAttribute(true)] 
public class HMACSHA1 : HMAC

C++

[ComVisibleAttribute(true)] 
public ref class HMACSHA1 : public HMAC

J#

/** @attribute ComVisibleAttribute(true) */ 
public class HMACSHA1 extends HMAC

JScript

ComVisibleAttribute(true) 
public class HMACSHA1 extends HMAC

Remarks

HMACSHA1 is a keyed hash algorithm that is constructed from the SHA1 hash function and used as an HMAC, or hash-based message authentication code. The HMAC process consists of the following steps: a secret key is mixed with the message data, the result is hashed with the hash function, that hash value is mixed with the secret key again, and the hash function is applied a second time. The output hash is 160 bits in length.

An HMAC can be used to determine whether a message sent over an insecure channel has been tampered with, provided that the sender and receiver share a secret key. The sender computes the hash value for the original data and sends both together in a single message. The receiver recalculates the hash value of the received message and checks that the computed HMAC matches the transmitted HMAC.

Any change to the data or the hash value results in a mismatch, because changing the message and producing the correct hash value requires knowledge of the secret key. If the original and the computed hash values match, the message is authenticated.

SHA-1 (Secure Hash Algorithm), also called SHS (Secure Hash Standard), is a cryptographic hash algorithm published by the United States Government. It produces a 160-bit hash value from a string of arbitrary length.

HMACSHA1 accepts keys of any size and produces a hash sequence that is 160 bits in length.
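The two-pass process described above, together with the handling of keys of any size, written out with plain SHA1 and compared against HMACSHA1. This is an added example, not part of the original documentation; the class name HmacSha1ByHand and its helper names are assumptions chosen for illustration, the first key and message are the public RFC 2202 test case 2, and the 100-byte key is constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class HmacSha1ByHand
{
    const int BlockSize = 64; // SHA-1 processes its input in 64-byte blocks

    // HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)), with H = SHA-1.
    public static byte[] Compute(byte[] key, byte[] message)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            // Keys longer than one block are hashed first; shorter keys are zero-padded.
            byte[] k = new byte[BlockSize];
            byte[] src = key.Length > BlockSize ? sha1.ComputeHash(key) : key;
            Buffer.BlockCopy(src, 0, k, 0, src.Length);

            byte[] inner = new byte[BlockSize + message.Length];
            byte[] outer = new byte[BlockSize + 20];
            for (int i = 0; i < BlockSize; i++)
            {
                inner[i] = (byte)(k[i] ^ 0x36); // first mix: key with message (ipad)
                outer[i] = (byte)(k[i] ^ 0x5c); // second mix: key with inner hash (opad)
            }
            Buffer.BlockCopy(message, 0, inner, BlockSize, message.Length);
            byte[] innerHash = sha1.ComputeHash(inner);
            Buffer.BlockCopy(innerHash, 0, outer, BlockSize, innerHash.Length);
            return sha1.ComputeHash(outer); // 20 bytes = 160 bits
        }
    }

    static string Hex(byte[] b) { return BitConverter.ToString(b).Replace("-", "").ToLowerInvariant(); }

    public static void Main()
    {
        // RFC 2202 test case 2 for HMAC-SHA-1 (public test vector, not a real secret).
        byte[] key = Encoding.ASCII.GetBytes("Jefe");
        byte[] msg = Encoding.ASCII.GetBytes("what do ya want for nothing?");
        Console.WriteLine("RFC 2202 vector matches: {0}",
            Hex(Compute(key, msg)) == "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");

        // A key longer than 64 bytes exercises the hash-the-key-first path.
        byte[] longKey = new byte[100]; // constructed sample key: 100 bytes of 0xAA
        for (int i = 0; i < longKey.Length; i++) longKey[i] = 0xAA;
        using (HMACSHA1 hmac = new HMACSHA1(longKey))
            Console.WriteLine("HMACSHA1 agrees: {0}", Hex(hmac.ComputeHash(msg)) == Hex(Compute(longKey, msg)));
    }
}
```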

Example

The following code example shows how to encode a file using HMACSHA1 and then decode the file.

C#

using System;
using System.IO;
using System.Security.Cryptography;

public class HMACSHA1example
{
    // Computes a keyed hash for a source file and creates a target file with the
    // keyed hash prepended to the contents of the source file. Nothing is encrypted:
    // DecodeFile later recomputes the keyed hash and compares it with the stored value.
    public static void EncodeFile(byte[] key, String sourceFile, String destFile)
    {
        // Initialize the keyed hash object.
        HMACSHA1 myhmacsha1 = new HMACSHA1(key);
        FileStream inStream = new FileStream(sourceFile, FileMode.Open);
        FileStream outStream = new FileStream(destFile, FileMode.Create);
        // Compute the hash of the input file.
        byte[] hashValue = myhmacsha1.ComputeHash(inStream);
        // Reset inStream to the beginning of the file.
        inStream.Position = 0;
        // Write the computed hash value to the output file.
        outStream.Write(hashValue, 0, hashValue.Length);
        // Copy the contents of the sourceFile to the destFile.
        int bytesRead;
        // read 1K at a time
        byte[] buffer = new byte[1024]; 
        do
        {
            // Read the next chunk from the source file.
            bytesRead = inStream.Read(buffer,0,1024); 
            outStream.Write(buffer, 0, bytesRead);
        } while (bytesRead > 0); 
        myhmacsha1.Clear();
        // Close the streams
        inStream.Close();
        outStream.Close();
        return;
    } // end EncodeFile


    // Verify the encoded file: recompute the keyed hash of the content and
    // compare it with the stored hash at the start of the file.
    public static bool DecodeFile(byte[] key, String sourceFile)
    {
        // Initialize the keyed hash object. 
        HMACSHA1 hmacsha1 = new HMACSHA1(key);
        // Create an array to hold the keyed hash value read from the file.
        byte[] storedHash = new byte[hmacsha1.HashSize/8];
        // Create a FileStream for the source file.
        FileStream inStream = new FileStream(sourceFile, FileMode.Open);
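        // Read in the storedHash; a file shorter than the hash cannot be valid.
        int hashBytesRead = inStream.Read(storedHash, 0, storedHash.Length);
        // Compute the hash of the remaining contents of the file.
        // The stream is properly positioned at the beginning of the content, 
        // immediately after the stored hash value.
        byte[] computedHash = hmacsha1.ComputeHash(inStream);
        // Compare the computed hash with the stored value. Every byte is checked
        // and the loop never exits early, so the comparison time does not reveal
        // how many leading bytes matched.
        int diff = hashBytesRead ^ storedHash.Length;
        for (int i = 0; i < storedHash.Length; i++)
        {
            diff |= computedHash[i] ^ storedHash[i];
        }
        // Release the stream and the key material.
        inStream.Close();
        hmacsha1.Clear();
        if (diff != 0)
        {
            Console.WriteLine("Hash values differ! Encoded file has been tampered with!");
            return false;
        }
        Console.WriteLine("Hash values agree -- no tampering occurred.");
        return true;
    } //end DecodeFile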

    private const string usageText = "Usage: HMACSHA1 inputfile.txt encryptedfile.hsh\nYou must specify the two file names. Only the first file must exist.\n";
    public static void Main(string[] Fileargs)
    {
        //If no file names are specified, write usage text.
        if (Fileargs.Length < 2)
        {
            Console.WriteLine(usageText);
        }
        else
        {
            try
            {
                // Create a random key using a random number generator. This would be the
                //  secret key shared by sender and receiver.
                byte[] secretkey = new Byte[64];
                //RNGCryptoServiceProvider is an implementation of a random number generator.
                RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
                // The array is now filled with cryptographically strong random bytes.
                rng.GetBytes(secretkey); 

                // Use the secret key to encode the message file.
                EncodeFile(secretkey, Fileargs[0], Fileargs[1]);

                // Take the encoded file and decode
                DecodeFile(secretkey, Fileargs[1]);
            }
            catch (IOException e)
            {
                // Report the actual I/O error; the exception is not only thrown for missing files.
                Console.WriteLine("Error: {0}", e.Message);
            }
        } //end if-else

    }  //end main
} //end class

C++

using namespace System;
using namespace System::IO;
using namespace System::Security::Cryptography;

// Computes a keyed hash for a source file and creates a target file with the
// keyed hash prepended to the contents of the source file. Nothing is encrypted:
// DecodeFile later recomputes the keyed hash and compares it with the stored value.
void EncodeFile( array<Byte>^key, String^ sourceFile, String^ destFile )
{
   
   // Initialize the keyed hash object.
   HMACSHA1^ myhmacsha1 = gcnew HMACSHA1( key );
   FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open );
   FileStream^ outStream = gcnew FileStream( destFile,FileMode::Create );
   
   // Compute the hash of the input file.
   array<Byte>^hashValue = myhmacsha1->ComputeHash( inStream );
   
   // Reset inStream to the beginning of the file.
   inStream->Position = 0;
   
   // Write the computed hash value to the output file.
   outStream->Write( hashValue, 0, hashValue->Length );
   
   // Copy the contents of the sourceFile to the destFile.
   int bytesRead;
   
   // read 1K at a time
   array<Byte>^buffer = gcnew array<Byte>(1024);
   do
   {
      
      // Read the next chunk from the source file.
      bytesRead = inStream->Read( buffer, 0, 1024 );
      outStream->Write( buffer, 0, bytesRead );
   }
   while ( bytesRead > 0 );

   myhmacsha1->Clear();
   
   // Close the streams
   inStream->Close();
   outStream->Close();
   return;
} // end EncodeFile



// Verify the encoded file: recompute the keyed hash of the content and
// compare it with the stored hash at the start of the file.
bool DecodeFile( array<Byte>^key, String^ sourceFile )
{
   
   // Initialize the keyed hash object. 
   HMACSHA1^ hmacsha1 = gcnew HMACSHA1( key );
   
   // Create an array to hold the keyed hash value read from the file.
   array<Byte>^storedHash = gcnew array<Byte>(hmacsha1->HashSize / 8);
   
   // Create a FileStream for the source file.
   FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open );
   
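   // Read in the storedHash; a file shorter than the hash cannot be valid.
   int hashBytesRead = inStream->Read( storedHash, 0, storedHash->Length );
   
   // Compute the hash of the remaining contents of the file.
   // The stream is properly positioned at the beginning of the content, 
   // immediately after the stored hash value.
   array<Byte>^computedHash = hmacsha1->ComputeHash( inStream );
   
   // Compare the computed hash with the stored value. Every byte is checked
   // and the loop never exits early, so the comparison time does not reveal
   // how many leading bytes matched.
   int diff = hashBytesRead ^ storedHash->Length;
   for ( int i = 0; i < storedHash->Length; i++ )
   {
      diff |= computedHash[ i ] ^ storedHash[ i ];
   }

   // Release the stream and the key material.
   inStream->Close();
   hmacsha1->Clear();
   if ( diff != 0 )
   {
      Console::WriteLine( "Hash values differ! Encoded file has been tampered with!" );
      return false;
   }
   Console::WriteLine( "Hash values agree -- no tampering occurred." );
   return true;
} //end DecodeFile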


int main()
{
   array<String^>^Fileargs = Environment::GetCommandLineArgs();
   String^ usageText = "Usage: HMACSHA1 inputfile.txt encryptedfile.hsh\nYou must specify the two file names. Only the first file must exist.\n";
   
   //If no file names are specified, write usage text.
   if ( Fileargs->Length < 3 )
   {
      Console::WriteLine( usageText );
   }
   else
   {
      try
      {
         
         // Create a random key using a random number generator. This would be the
         //  secret key shared by sender and receiver.
         array<Byte>^secretkey = gcnew array<Byte>(64);
         
         //RNGCryptoServiceProvider is an implementation of a random number generator.
         RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
         
         // The array is now filled with cryptographically strong random bytes.
         rng->GetBytes( secretkey );
         
         // Use the secret key to encode the message file.
         EncodeFile( secretkey, Fileargs[ 1 ], Fileargs[ 2 ] );
         
         // Take the encoded file and decode
         DecodeFile( secretkey, Fileargs[ 2 ] );
      }
      catch ( IOException^ e ) 
      {
         // Report the actual I/O error; the exception is not only thrown for missing files.
         Console::WriteLine( "Error: {0}", e->Message );
      }

   }
} //end main

J#

import System.*;
import System.IO.*;
import System.Security.Cryptography.*;

public class HMACSHA1Example
{
    // Computes a keyed hash for a source file and creates a target file with the
    // keyed hash prepended to the contents of the source file. Nothing is encrypted:
    // DecodeFile later recomputes the keyed hash and compares it with the stored value.
    public static void EncodeFile(ubyte key[], String sourceFile, 
        String destFile)
    {
        // Initialize the keyed hash object.
        HMACSHA1 myhmacsha1 = new HMACSHA1(key);
        FileStream inStream = new FileStream(sourceFile, FileMode.Open);
        FileStream outStream = new FileStream(destFile, FileMode.Create);

        // Compute the hash of the input file.
        ubyte hashValue[] = myhmacsha1.ComputeHash(inStream);

        // Reset inStream to the beginning of the file.
        inStream.set_Position(0);

        // Write the computed hash value to the output file.
        outStream.Write(hashValue, 0, hashValue.length);

        // Copy the contents of the sourceFile to the destFile.
        int bytesRead;

        // read 1K at a time
        ubyte buffer[] = new ubyte[1024];
        do {
            // Read the next chunk from the source file.
            bytesRead = inStream.Read(buffer, 0, 1024);
            outStream.Write(buffer, 0, bytesRead);
        } while (bytesRead > 0);
        myhmacsha1.Clear();

        // Close the streams
        inStream.Close();
        outStream.Close();
        return;
    } // end EncodeFile
    
    // Verify the encoded file: recompute the keyed hash of the content and
    // compare it with the stored hash at the start of the file.
    public static boolean DecodeFile(ubyte key[], String sourceFile)
    {
        // Initialize the keyed hash object. 
        HMACSHA1 hmacsha1 = new HMACSHA1(key);

        // Create an array to hold the keyed hash value read from the file.
        ubyte storedHash[] = new ubyte[hmacsha1.get_HashSize() / 8];

        // Create a FileStream for the source file.
        FileStream inStream = new FileStream(sourceFile, FileMode.Open);

        // Read in the storedHash; a file shorter than the hash cannot be valid.
        int hashBytesRead = inStream.Read(storedHash, 0, storedHash.length);

        // Compute the hash of the remaining contents of the file.
        // The stream is properly positioned at the beginning of the content, 
        // immediately after the stored hash value.
        ubyte computedHash[] = hmacsha1.ComputeHash(inStream);

        // Compare every byte of the computed hash with the stored value
        // instead of returning at the first mismatch.
        boolean hashesMatch = (hashBytesRead == storedHash.length);
        for (int i = 0; i < storedHash.length; i++) {
            if (computedHash.get_Item(i) != storedHash.get_Item(i)) {
                hashesMatch = false;
            }
        }

        // Release the stream and the key material.
        inStream.Close();
        hmacsha1.Clear();
        if (!hashesMatch) {
            Console.WriteLine("Hash values differ! Encoded file has been " 
                + "tampered with!");
            return false;
        }
        Console.WriteLine("Hash values agree -- no tampering occurred.");
        return true;
    } //end DecodeFile


    private static String usageText = "Usage: HMACSHA1 inputfile.txt " 
        + "encryptedfile.hsh\nYou must specify the two file names. Only " 
        + "the first file must exist.\n";


    public static void main(String[] fileargs)
    {
        //If no file names are specified, write usage text.
        if (fileargs.length < 2) {
            Console.WriteLine(usageText);
        }
        else {
            try {
                // Create a random key using a random number generator. This
                // would be the secret key shared by sender and receiver.
                ubyte secretKey[] = new ubyte[64];

                // RNGCryptoServiceProvider is an implementation of a random
                // number generator.
                RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

                // The array is now filled with cryptographically strong
                // random bytes.
                rng.GetBytes(secretKey);

                // Use the secret key to encode the message file.
                EncodeFile(secretKey, fileargs[0], fileargs[1]);

                // Take the encoded file and decode
                DecodeFile(secretKey, fileargs[1]);
            }
            catch (IOException e) {
                // Report the actual I/O error; the exception is not only thrown for missing files.
                Console.WriteLine("Error: {0}", e.get_Message());
            }
        }//end if-else
    } //end main
} //end class HMACSHA1Example

Inheritance Hierarchy

System.Object
   System.Security.Cryptography.HashAlgorithm
     System.Security.Cryptography.KeyedHashAlgorithm
       System.Security.Cryptography.HMAC
        System.Security.Cryptography.HMACSHA1

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Instance members are not guaranteed to be thread safe.

Platforms

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

Version Information

.NET Framework

Supported in: 2.0, 1.1, 1.0

See Also

Reference

HMACSHA1 Members
System.Security.Cryptography Namespace

Other Resources

Cryptographic Services