- Reference
Definition
- Namespace:
- System.Security.Cryptography
- Assembly:
- System.Security.Cryptography.Algorithms.dll
- Assembly:
- System.Security.Cryptography.dll
- Assembly:
- mscorlib.dll
- Assembly:
- netstandard.dll
- Source:
- HMACSHA256.cs
- Source:
- HMACSHA256.cs
- Source:
- HMACSHA256.cs
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Computes a Hash-based Message Authentication Code (HMAC) by using the SHA256 hash function.
public ref class HMACSHA256 : System::Security::Cryptography::HMAC[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]public class HMACSHA256 : System.Security.Cryptography.HMACpublic class HMACSHA256 : System.Security.Cryptography.HMAC[System.Runtime.InteropServices.ComVisible(true)]public class HMACSHA256 : System.Security.Cryptography.HMAC[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]type HMACSHA256 = class inherit HMACtype HMACSHA256 = class inherit HMAC[<System.Runtime.InteropServices.ComVisible(true)>]type HMACSHA256 = class inherit HMACPublic Class HMACSHA256Inherits HMAC- Inheritance
Object
HashAlgorithm
KeyedHashAlgorithm
HMAC
HMACSHA256
- Attributes
UnsupportedOSPlatformAttributeComVisibleAttribute
Examples
The following example shows how to sign a file by using the HMACSHA256 object and then how to verify the file.
using namespace System;using namespace System::IO;using namespace System::Security::Cryptography;// Computes a keyed hash for a source file, creates a target file with the keyed hash// prepended to the contents of the source file, then decodes the file and compares// the source and the decoded files.void EncodeFile( array<Byte>^key, String^ sourceFile, String^ destFile ){ // Initialize the keyed hash object. HMACSHA256^ myhmacsha256 = gcnew HMACSHA256( key ); FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open ); FileStream^ outStream = gcnew FileStream( destFile,FileMode::Create ); // Compute the hash of the input file. array<Byte>^hashValue = myhmacsha256->ComputeHash( inStream ); // Reset inStream to the beginning of the file. inStream->Position = 0; // Write the computed hash value to the output file. outStream->Write( hashValue, 0, hashValue->Length ); // Copy the contents of the sourceFile to the destFile. int bytesRead; // read 1K at a time array<Byte>^buffer = gcnew array<Byte>(1024); do { // Read from the wrapping CryptoStream. bytesRead = inStream->Read( buffer, 0, 1024 ); outStream->Write( buffer, 0, bytesRead ); } while ( bytesRead > 0 ); myhmacsha256->Clear(); // Close the streams inStream->Close(); outStream->Close(); return;} // end EncodeFile// Decode the encoded file and compare to original file.bool DecodeFile( array<Byte>^key, String^ sourceFile ){ // Initialize the keyed hash object. HMACSHA256^ hmacsha256 = gcnew HMACSHA256( key ); // Create an array to hold the keyed hash value read from the file. array<Byte>^storedHash = gcnew array<Byte>(hmacsha256->HashSize / 8); // Create a FileStream for the source file. FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open ); // Read in the storedHash. inStream->Read( storedHash, 0, storedHash->Length ); // Compute the hash of the remaining contents of the file. // The stream is properly positioned at the beginning of the content, // immediately after the stored hash value. array<Byte>^computedHash = hmacsha256->ComputeHash( inStream ); // compare the computed hash with the stored value bool err = false; for ( int i = 0; i < storedHash->Length; i++ ) { if ( computedHash[ i ] != storedHash[ i ] ) { err = true; } } if (err) { Console::WriteLine("Hash values differ! Encoded file has been tampered with!"); return false; } else { Console::WriteLine("Hash values agree -- no tampering occurred."); return true; }} //end DecodeFileint main(){ array<String^>^Fileargs = Environment::GetCommandLineArgs(); String^ usageText = "Usage: HMACSHA256 inputfile.txt encodedfile.hsh\nYou must specify the two file names. Only the first file must exist.\n"; //If no file names are specified, write usage text. if ( Fileargs->Length < 3 ) { Console::WriteLine( usageText ); } else { try { // Create a random key using a random number generator. This would be the // secret key shared by sender and receiver. array<Byte>^secretkey = gcnew array<Byte>(64); //RNGCryptoServiceProvider is an implementation of a random number generator. RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider; // The array is now filled with cryptographically strong random bytes. rng->GetBytes( secretkey ); // Use the secret key to encode the message file. EncodeFile( secretkey, Fileargs[ 1 ], Fileargs[ 2 ] ); // Take the encoded file and decode DecodeFile( secretkey, Fileargs[ 2 ] ); } catch ( IOException^ e ) { Console::WriteLine( "Error: File not found", e ); } }} //end mainusing System;using System.IO;using System.Security.Cryptography;public class HMACSHA256example{ public static void Main(string[] Fileargs) { string dataFile; string signedFile; //If no file names are specified, create them. if (Fileargs.Length < 2) { dataFile = @"text.txt"; signedFile = "signedFile.enc"; if (!File.Exists(dataFile)) { // Create a file to write to. using (StreamWriter sw = File.CreateText(dataFile)) { sw.WriteLine("Here is a message to sign"); } } } else { dataFile = Fileargs[0]; signedFile = Fileargs[1]; } try { // Create a random key using a random number generator. This would be the // secret key shared by sender and receiver. byte[] secretkey = new Byte[64]; //RNGCryptoServiceProvider is an implementation of a random number generator. using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) { // The array is now filled with cryptographically strong random bytes. rng.GetBytes(secretkey); // Use the secret key to sign the message file. SignFile(secretkey, dataFile, signedFile); // Verify the signed file VerifyFile(secretkey, signedFile); } } catch (IOException e) { Console.WriteLine("Error: File not found", e); } } //end main // Computes a keyed hash for a source file and creates a target file with the keyed hash // prepended to the contents of the source file. public static void SignFile(byte[] key, String sourceFile, String destFile) { // Initialize the keyed hash object. using (HMACSHA256 hmac = new HMACSHA256(key)) { using (FileStream inStream = new FileStream(sourceFile, FileMode.Open)) { using (FileStream outStream = new FileStream(destFile, FileMode.Create)) { // Compute the hash of the input file. byte[] hashValue = hmac.ComputeHash(inStream); // Reset inStream to the beginning of the file. inStream.Position = 0; // Write the computed hash value to the output file. outStream.Write(hashValue, 0, hashValue.Length); // Copy the contents of the sourceFile to the destFile. int bytesRead; // read 1K at a time byte[] buffer = new byte[1024]; do { // Read from the wrapping CryptoStream. bytesRead = inStream.Read(buffer, 0, 1024); outStream.Write(buffer, 0, bytesRead); } while (bytesRead > 0); } } } return; } // end SignFile // Compares the key in the source file with a new key created for the data portion of the file. If the keys // compare the data has not been tampered with. public static bool VerifyFile(byte[] key, String sourceFile) { bool err = false; // Initialize the keyed hash object. using (HMACSHA256 hmac = new HMACSHA256(key)) { // Create an array to hold the keyed hash value read from the file. byte[] storedHash = new byte[hmac.HashSize / 8]; // Create a FileStream for the source file. using (FileStream inStream = new FileStream(sourceFile, FileMode.Open)) { // Read in the storedHash. inStream.Read(storedHash, 0, storedHash.Length); // Compute the hash of the remaining contents of the file. // The stream is properly positioned at the beginning of the content, // immediately after the stored hash value. byte[] computedHash = hmac.ComputeHash(inStream); // compare the computed hash with the stored value for (int i = 0; i < storedHash.Length; i++) { if (computedHash[i] != storedHash[i]) { err = true; } } } } if (err) { Console.WriteLine("Hash values differ! Signed file has been tampered with!"); return false; } else { Console.WriteLine("Hash values agree -- no tampering occurred."); return true; } } //end VerifyFile} //end classImports System.IOImports System.Security.CryptographyPublic Class HMACSHA256example Public Shared Sub Main(ByVal Fileargs() As String) Dim dataFile As String Dim signedFile As String 'If no file names are specified, create them. If Fileargs.Length < 2 Then dataFile = "text.txt" signedFile = "signedFile.enc" If Not File.Exists(dataFile) Then ' Create a file to write to. Using sw As StreamWriter = File.CreateText(dataFile) sw.WriteLine("Here is a message to sign") End Using End If Else dataFile = Fileargs(0) signedFile = Fileargs(1) End If Try ' Create a random key using a random number generator. This would be the ' secret key shared by sender and receiver. Dim secretkey() As Byte = New [Byte](63) {} 'RNGCryptoServiceProvider is an implementation of a random number generator. Using rng As New RNGCryptoServiceProvider() ' The array is now filled with cryptographically strong random bytes. rng.GetBytes(secretkey) ' Use the secret key to encode the message file. SignFile(secretkey, dataFile, signedFile) ' Take the encoded file and decode VerifyFile(secretkey, signedFile) End Using Catch e As IOException Console.WriteLine("Error: File not found", e) End Try End Sub ' Computes a keyed hash for a source file and creates a target file with the keyed hash ' prepended to the contents of the source file. Public Shared Sub SignFile(ByVal key() As Byte, ByVal sourceFile As String, ByVal destFile As String) ' Initialize the keyed hash object. Using myhmac As New HMACSHA256(key) Using inStream As New FileStream(sourceFile, FileMode.Open) Using outStream As New FileStream(destFile, FileMode.Create) ' Compute the hash of the input file. Dim hashValue As Byte() = myhmac.ComputeHash(inStream) ' Reset inStream to the beginning of the file. inStream.Position = 0 ' Write the computed hash value to the output file. outStream.Write(hashValue, 0, hashValue.Length) ' Copy the contents of the sourceFile to the destFile. Dim bytesRead As Integer ' read 1K at a time Dim buffer(1023) As Byte Do ' Read from the wrapping CryptoStream. bytesRead = inStream.Read(buffer, 0, 1024) outStream.Write(buffer, 0, bytesRead) Loop While bytesRead > 0 End Using End Using End Using Return End Sub ' end SignFile ' Compares the key in the source file with a new key created for the data portion of the file. If the keys ' compare the data has not been tampered with. Public Shared Function VerifyFile(ByVal key() As Byte, ByVal sourceFile As String) As Boolean Dim err As Boolean = False ' Initialize the keyed hash object. Using hmac As New HMACSHA256(key) ' Create an array to hold the keyed hash value read from the file. Dim storedHash(hmac.HashSize / 8 - 1) As Byte ' Create a FileStream for the source file. Using inStream As New FileStream(sourceFile, FileMode.Open) ' Read in the storedHash. inStream.Read(storedHash, 0, storedHash.Length - 1) ' Compute the hash of the remaining contents of the file. ' The stream is properly positioned at the beginning of the content, ' immediately after the stored hash value. Dim computedHash As Byte() = hmac.ComputeHash(inStream) ' compare the computed hash with the stored value Dim i As Integer For i = 0 To storedHash.Length - 2 If computedHash(i) <> storedHash(i) Then err = True End If Next i End Using End Using If err Then Console.WriteLine("Hash values differ! Signed file has been tampered with!") Return False Else Console.WriteLine("Hash values agree -- no tampering occurred.") Return True End If End Function 'VerifyFile End Class'end classRemarks
HMACSHA256 is a type of keyed hash algorithm that is constructed from the SHA-256 hash function and used as a Hash-based Message Authentication Code (HMAC). The HMAC process mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, and then applies the hash function a second time. The output hash is 256 bits in length.
An HMAC can be used to determine whether a message sent over an insecure channel has been tampered with, provided that the sender and receiver share a secret key. The sender computes the hash value for the original data and sends both the original data and hash value as a single message. The receiver recalculates the hash value on the received message and checks that the computed HMAC matches the transmitted HMAC.
Any change to the data or the hash value results in a mismatch, because knowledge of the secret key is required to change the message and reproduce the correct hash value. Therefore, if the original and computed hash values match, the message is authenticated.
HMACSHA256 accepts keys of any size, and produces a hash sequence 256 bits in length.
Constructors
| HMACSHA256() | Initializes a new instance of the HMACSHA256 class with a randomly generated key. |
| HMACSHA256(Byte[]) | Initializes a new instance of the HMACSHA256 class with the specified key data. |
Fields
| HashSizeInBits | The hash size produced by the HMAC SHA256 algorithm, in bits. |
| HashSizeInBytes | The hash size produced by the HMAC SHA256 algorithm, in bytes. |
| HashSizeValue | Represents the size, in bits, of the computed hash code. (Inherited from HashAlgorithm) |
| HashValue | Represents the value of the computed hash code. (Inherited from HashAlgorithm) |
| KeyValue | The key to use in the hash algorithm. (Inherited from KeyedHashAlgorithm) |
| State | Represents the state of the hash computation. (Inherited from HashAlgorithm) |
Properties
| BlockSizeValue | Gets or sets the block size to use in the hash value. (Inherited from HMAC) |
| CanReuseTransform | Gets a value indicating whether the current transform can be reused. (Inherited from HashAlgorithm) |
| CanTransformMultipleBlocks | When overridden in a derived class, gets a value indicating whether multiple blocks can be transformed. (Inherited from HashAlgorithm) |
| Hash | Gets the value of the computed hash code. (Inherited from HashAlgorithm) |
| HashName | Gets or sets the name of the hash algorithm to use for hashing. (Inherited from HMAC) |
| HashSize | Gets the size, in bits, of the computed HMAC. |
| HashSize | Gets the size, in bits, of the computed hash code. (Inherited from HashAlgorithm) |
| InputBlockSize | When overridden in a derived class, gets the input block size. (Inherited from HashAlgorithm) |
| Key | Gets or sets the key to use in the HMAC calculation. |
| Key | Gets or sets the key to use in the HMAC calculation. (Inherited from HMAC) |
| OutputBlockSize | When overridden in a derived class, gets the output block size. (Inherited from HashAlgorithm) |
Methods
| Clear() | Releases all resources used by the HashAlgorithm class. (Inherited from HashAlgorithm) |
| ComputeHash(Byte[], Int32, Int32) | Computes the hash value for the specified region of the specified byte array. (Inherited from HashAlgorithm) |
| ComputeHash(Byte[]) | Computes the hash value for the specified byte array. (Inherited from HashAlgorithm) |
| ComputeHash(Stream) | Computes the hash value for the specified Stream object. (Inherited from HashAlgorithm) |
| ComputeHashAsync(Stream, CancellationToken) | Asynchronously computes the hash value for the specified Stream object. (Inherited from HashAlgorithm) |
| Dispose() | Releases all resources used by the current instance of the HashAlgorithm class. (Inherited from HashAlgorithm) |
| Dispose(Boolean) | Releases the unmanaged resources used by the HMACSHA256 and optionally releases the managed resources. |
| Dispose(Boolean) | Releases the unmanaged resources used by the HMAC class when a key change is legitimate and optionally releases the managed resources. (Inherited from HMAC) |
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object) |
| GetHashCode() | Serves as the default hash function. (Inherited from Object) |
| GetType() | Gets the Type of the current instance. (Inherited from Object) |
| HashCore(Byte[], Int32, Int32) | Routes data written to the object into the HMAC algorithm for computing the HMAC. |
| HashCore(Byte[], Int32, Int32) | When overridden in a derived class, routes data written to the object into the HMAC algorithm for computing the HMAC value. (Inherited from HMAC) |
| HashCore(ReadOnlySpan<Byte>) | Routes data written to the object into the HMAC algorithm for computing the HMAC. |
| HashCore(ReadOnlySpan<Byte>) | Routes data written to the object into the HMAC algorithm for computing the HMAC. (Inherited from HMAC) |
| HashData(Byte[], Byte[]) | Computes the HMAC of data using the SHA256 algorithm. |
| HashData(Byte[], Stream) | Computes the HMAC of a stream using the SHA256 algorithm. |
| HashData(ReadOnlySpan<Byte>, ReadOnlySpan<Byte>, Span<Byte>) | Computes the HMAC of data using the SHA256 algorithm. |
| HashData(ReadOnlySpan<Byte>, ReadOnlySpan<Byte>) | Computes the HMAC of data using the SHA256 algorithm. |
| HashData(ReadOnlySpan<Byte>, Stream, Span<Byte>) | Computes the HMAC of a stream using the SHA256 algorithm. |
| HashData(ReadOnlySpan<Byte>, Stream) | Computes the HMAC of a stream using the SHA256 algorithm. |
| HashDataAsync(Byte[], Stream, CancellationToken) | Asynchronously computes the HMAC of a stream using the SHA256 algorithm. |
| HashDataAsync(ReadOnlyMemory<Byte>, Stream, CancellationToken) | Asynchronously computes the HMAC of a stream using the SHA256 algorithm. |
| HashDataAsync(ReadOnlyMemory<Byte>, Stream, Memory<Byte>, CancellationToken) | Asynchronously computes the HMAC of a stream using the SHA256 algorithm. |
| HashFinal() | Finalizes the HMAC computation after the last data is processed by the algorithm. |
| HashFinal() | When overridden in a derived class, finalizes the HMAC computation after the last data is processed by the algorithm. (Inherited from HMAC) |
| Initialize() | Resets the hash algorithm to its initial state. |
| Initialize() | Initializes an instance of the default implementation of HMAC. (Inherited from HMAC) |
| MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object) |
| ToString() | Returns a string that represents the current object. (Inherited from Object) |
| TransformBlock(Byte[], Int32, Int32, Byte[], Int32) | Computes the hash value for the specified region of the input byte array and copies the specified region of the input byte array to the specified region of the output byte array. (Inherited from HashAlgorithm) |
| TransformFinalBlock(Byte[], Int32, Int32) | Computes the hash value for the specified region of the specified byte array. (Inherited from HashAlgorithm) |
| TryComputeHash(ReadOnlySpan<Byte>, Span<Byte>, Int32) | Attempts to compute the hash value for the specified byte array. (Inherited from HashAlgorithm) |
| TryHashData(ReadOnlySpan<Byte>, ReadOnlySpan<Byte>, Span<Byte>, Int32) | Attempts to compute the HMAC of data using the SHA256 algorithm. |
| TryHashFinal(Span<Byte>, Int32) | Attempts to finalize the HMAC computation after the last data is processed by the HMAC algorithm. |
| TryHashFinal(Span<Byte>, Int32) | Attempts to finalize the HMAC computation after the last data is processed by the HMAC algorithm. (Inherited from HMAC) |
Explicit Interface Implementations
| IDisposable.Dispose() | Releases the unmanaged resources used by the HashAlgorithm and optionally releases the managed resources. (Inherited from HashAlgorithm) |
Applies to
See also
- Cryptographic Services
