Computes a Hash-based Message Authentication Code (HMAC) using the SHA512 hash function.
(in mscorlib.dll)
<ComVisibleAttribute(True)> _
Public Class HMACSHA512 _
Inherits HMAC
[ComVisibleAttribute(true)]
public class HMACSHA512 : HMAC
[ComVisibleAttribute(true)]
public ref class HMACSHA512 : public HMAC
[<ComVisibleAttribute(true)>]
type HMACSHA512 =
class
inherit HMAC
end
HMACSHA512 is a type of keyed hash algorithm that is constructed from the SHA-512 hash function and used as a Hash-based Message Authentication Code (HMAC). The HMAC process mixes a secret key with the message data and hashes the result. The hash value is mixed with the secret key again, and then hashed a second time. The output hash is 512 bits in length.
An HMAC can be used to determine whether a message sent over a nonsecure channel has been tampered with, provided that the sender and receiver share a secret key. The sender computes the hash value for the original data and sends both the original data and hash value as a single message. The receiver recalculates the hash value on the received message and checks that the computed HMAC matches the transmitted HMAC.
If the original and computed hash values match, the message is authenticated. If they do not match, either the data or the hash value has been changed. HMACs provide security against tampering because knowledge of the secret key is required to change the message and reproduce the correct hash value.
HMACSHA512 accepts keys of any size, and produces a hash sequence of length 512 bits.
.NET Framework 2.0 Considerations
In the .NET Framework version 2.0, the HMACSHA512 class produced results that were not consistent with other implementations of HMAC-SHA-512. The .NET Framework version 2.0 Service Pack 1 updates this class. However, the HMAC values it produces are inconsistent with the output of the .NET Framework 2.0 implementation of the class. To enable .NET Framework 2.0 SP1 applications to interact with .NET Framework 2.0 applications, the .NET Framework 2.0 SP1 introduces the following four changes to the HMACSHA512 class:
The ProduceLegacyHmacValues Boolean property supports the earlier implementation. When you set this property to true, the HMACSHA512 object produces values that match the values produced by the .NET Framework 2.0.
In some applications, it may be expensive or difficult to change the code. For these situations, .NET Framework 2.0 SP1 provides a configuration switch, legacyHMACMode, for the application’s .config file. This switch causes all HMAC objects created in the application to use the .NET Framework 2.0 calculation.
<configuration>
<runtime>
<legacyHMACMode enabled="1" />
</runtime>
</configuration>
To help debug any issues that arise when upgrading to the .NET Framework 2.0 SP1, the first time an instance of the HMACSHA512 class is created, a warning about the implementation changes is sent to the event log and to any attached debugger. If you set the legacyHMACMode configuration switch to use the .NET Framework 2.0 calculation, this message is not generated.
The .NET Framework 2.0 SP1 also introduces a second configuration switch, legacyHMACWarning, that lets you manually suppress the warning message for your application.
<configuration>
<runtime>
<legacyHMACWarning enabled="0" />
</runtime>
</configuration>
Note that these four changes affect only the HMACSHA384 and HMACSHA512 classes, and not the SHA256Managed class.
The following example shows how to encode a file using the HMACSHA512 object and then how to decode the file.
Imports System
Imports System.IO
Imports System.Security.Cryptography
Public Class HMACSHA512example
' Computes a keyed hash for a source file, creates a target file with the keyed hash
' prepended to the contents of the source file, then decrypts the file and compares
' the source and the decrypted files.
Public Shared Sub EncodeFile(ByVal key() As Byte, ByVal sourceFile As String, ByVal destFile As String)
' Initialize the keyed hash object.
Dim myhmacsha512 As New HMACSHA512(key)
Dim inStream As New FileStream(sourceFile, FileMode.Open)
Dim outStream As New FileStream(destFile, FileMode.Create)
' Compute the hash of the input file.
Dim hashValue As Byte() = myhmacsha512.ComputeHash(inStream)
' Reset inStream to the beginning of the file.
inStream.Position = 0
' Write the computed hash value to the output file.
outStream.Write(hashValue, 0, hashValue.Length)
' Copy the contents of the sourceFile to the destFile.
Dim bytesRead As Integer
' read 1K at a time
Dim buffer(1023) As Byte
Do
' Read from the wrapping CryptoStream.
bytesRead = inStream.Read(buffer, 0, 1024)
outStream.Write(buffer, 0, bytesRead)
Loop While bytesRead > 0
myhmacsha512.Clear()
' Close the streams
inStream.Close()
outStream.Close()
Return
End Sub
' Decrypt the encoded file and compare to original file.
Public Shared Function DecodeFile(ByVal key() As Byte, ByVal sourceFile As String) As Boolean
' Initialize the keyed hash object.
Dim hmacsha512 As New HMACSHA512(key)
' Create an array to hold the keyed hash value read from the file.
Dim storedHash(hmacsha512.HashSize / 8) As Byte
' Create a FileStream for the source file.
Dim inStream As New FileStream(sourceFile, FileMode.Open)
' Read in the storedHash.
inStream.Read(storedHash, 0, storedHash.Length)
' Compute the hash of the remaining contents of the file.
' The stream is properly positioned at the beginning of the content,
' immediately after the stored hash value.
Dim computedHash As Byte() = hmacsha512.ComputeHash(inStream)
' compare the computed hash with the stored value
Dim err As Boolean = False
Dim i As Integer
For i = 0 To storedHash.Length
If computedHash(i) <> storedHash(i) Then
Console.WriteLine("Hash values differ! Encoded file has been tampered with!")
Return False
End If
Next i
If (err) Then
Console.WriteLine("Hash values differ! Encoded file has been tampered with!")
Return False
Else
Console.WriteLine("Hash values agree -- no tampering occurred.")
Return True
End If
End Function
Private Const usageText As String = "Usage: HMACSHA512 inputfile.txt encryptedfile.hsh" + vbLf + "You must specify the two file names. Only the first file must exist." + vbLf
Public Shared Sub Main(ByVal Fileargs() As String)
'If no file names are specified, write usage text.
If Fileargs.Length < 2 Then
Console.WriteLine(usageText)
Else
Try
' Create a random key using a random number generator. This would be the
' secret key shared by sender and receiver.
Dim secretkey() As Byte = New [Byte](63) {}
'RNGCryptoServiceProvider is an implementation of a random number generator.
Dim rng As New RNGCryptoServiceProvider()
' The array is now filled with cryptographically strong random bytes.
rng.GetBytes(secretkey)
' Use the secret key to encode the message file.
EncodeFile(secretkey, Fileargs(0), Fileargs(1))
' Take the encoded file and decode
DecodeFile(secretkey, Fileargs(1))
Catch e As IOException
Console.WriteLine("Error: File not found", e)
End Try
End If
End Sub
End Class
using System;
using System.IO;
using System.Security.Cryptography;
public class HMACSHA512example
{
// Computes a keyed hash for a source file, creates a target file with the keyed hash
// prepended to the contents of the source file, then decrypts the file and compares
// the source and the decrypted files.
public static void EncodeFile(byte[] key, String sourceFile, String destFile)
{
// Initialize the keyed hash object.
HMACSHA512 myhmacsha512 = new HMACSHA512(key);
FileStream inStream = new FileStream(sourceFile, FileMode.Open);
FileStream outStream = new FileStream(destFile, FileMode.Create);
// Compute the hash of the input file.
byte[] hashValue = myhmacsha512.ComputeHash(inStream);
// Reset inStream to the beginning of the file.
inStream.Position = 0;
// Write the computed hash value to the output file.
outStream.Write(hashValue, 0, hashValue.Length);
// Copy the contents of the sourceFile to the destFile.
int bytesRead;
// read 1K at a time
byte[] buffer = new byte[1024];
do
{
// Read from the wrapping CryptoStream.
bytesRead = inStream.Read(buffer,0,1024);
outStream.Write(buffer, 0, bytesRead);
} while (bytesRead > 0);
myhmacsha512.Clear();
// Close the streams
inStream.Close();
outStream.Close();
return;
} // end EncodeFile
// Decrypt the encoded file and compare to original file.
public static bool DecodeFile(byte[] key, String sourceFile)
{
// Initialize the keyed hash object.
HMACSHA512 hmacsha512 = new HMACSHA512(key);
// Create an array to hold the keyed hash value read from the file.
byte[] storedHash = new byte[hmacsha512.HashSize/8];
// Create a FileStream for the source file.
FileStream inStream = new FileStream(sourceFile, FileMode.Open);
// Read in the storedHash.
inStream.Read(storedHash, 0, storedHash.Length);
// Compute the hash of the remaining contents of the file.
// The stream is properly positioned at the beginning of the content,
// immediately after the stored hash value.
byte[] computedHash = hmacsha512.ComputeHash(inStream);
// compare the computed hash with the stored value
bool err = false;
for (int i = 0; i < storedHash.Length; i++)
{
if (computedHash[i] != storedHash[i])
{
err = true;
}
}
if (err)
{
Console.WriteLine("Hash values differ! Encoded file has been tampered with!");
return false;
}
else
{
Console.WriteLine("Hash values agree -- no tampering occurred.");
return true;
}
} //end DecodeFile
private const string usageText = "Usage: HMACSHA512 inputfile.txt encryptedfile.hsh\nYou must specify the two file names. Only the first file must exist.\n";
public static void Main(string[] Fileargs)
{
//If no file names are specified, write usage text.
if (Fileargs.Length < 2)
{
Console.WriteLine(usageText);
}
else
{
try
{
// Create a random key using a random number generator. This would be the
// secret key shared by sender and receiver.
byte[] secretkey = new Byte[64];
//RNGCryptoServiceProvider is an implementation of a random number generator.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
// The array is now filled with cryptographically strong random bytes.
rng.GetBytes(secretkey);
// Use the secret key to encode the message file.
EncodeFile(secretkey, Fileargs[0], Fileargs[1]);
// Take the encoded file and decode
DecodeFile(secretkey, Fileargs[1]);
}
catch (IOException e)
{
Console.WriteLine("Error: File not found",e);
}
} //end if-else
} //end main
} //end class
using namespace System;
using namespace System::IO;
using namespace System::Security::Cryptography;
// Computes a keyed hash for a source file, creates a target file with the keyed hash
// prepended to the contents of the source file, then decrypts the file and compares
// the source and the decrypted files.
void EncodeFile( array<Byte>^key, String^ sourceFile, String^ destFile )
{
// Initialize the keyed hash object.
HMACSHA512^ myhmacsha512 = gcnew HMACSHA512( key );
FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open );
FileStream^ outStream = gcnew FileStream( destFile,FileMode::Create );
// Compute the hash of the input file.
array<Byte>^hashValue = myhmacsha512->ComputeHash( inStream );
// Reset inStream to the beginning of the file.
inStream->Position = 0;
// Write the computed hash value to the output file.
outStream->Write( hashValue, 0, hashValue->Length );
// Copy the contents of the sourceFile to the destFile.
int bytesRead;
// read 1K at a time
array<Byte>^buffer = gcnew array<Byte>(1024);
do
{
// Read from the wrapping CryptoStream.
bytesRead = inStream->Read( buffer, 0, 1024 );
outStream->Write( buffer, 0, bytesRead );
}
while ( bytesRead > 0 );
myhmacsha512->Clear();
// Close the streams
inStream->Close();
outStream->Close();
return;
} // end EncodeFile
// Decrypt the encoded file and compare to original file.
bool DecodeFile( array<Byte>^key, String^ sourceFile )
{
// Initialize the keyed hash object.
HMACSHA512^ hmacsha512 = gcnew HMACSHA512( key );
// Create an array to hold the keyed hash value read from the file.
array<Byte>^storedHash = gcnew array<Byte>(hmacsha512->HashSize / 8);
// Create a FileStream for the source file.
FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open );
// Read in the storedHash.
inStream->Read( storedHash, 0, storedHash->Length );
// Compute the hash of the remaining contents of the file.
// The stream is properly positioned at the beginning of the content,
// immediately after the stored hash value.
array<Byte>^computedHash = hmacsha512->ComputeHash( inStream );
// compare the computed hash with the stored value
bool err = false;
for ( int i = 0; i < storedHash->Length; i++ )
{
if ( computedHash[ i ] != storedHash[ i ] )
{
err = true;
}
}
if (err)
{
Console::WriteLine("Hash values differ! Encoded file has been tampered with!");
return false;
}
else
{
Console::WriteLine("Hash values agree -- no tampering occurred.");
return true;
}
} //end DecodeFile
int main()
{
array<String^>^Fileargs = Environment::GetCommandLineArgs();
String^ usageText = "Usage: HMACSHA512 inputfile.txt encryptedfile.hsh\nYou must specify the two file names. Only the first file must exist.\n";
//If no file names are specified, write usage text.
if ( Fileargs->Length < 3 )
{
Console::WriteLine( usageText );
}
else
{
try
{
// Create a random key using a random number generator. This would be the
// secret key shared by sender and receiver.
array<Byte>^secretkey = gcnew array<Byte>(64);
//RNGCryptoServiceProvider is an implementation of a random number generator.
RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
// The array is now filled with cryptographically strong random bytes.
rng->GetBytes( secretkey );
// Use the secret key to encode the message file.
EncodeFile( secretkey, Fileargs[ 1 ], Fileargs[ 2 ] );
// Take the encoded file and decode
DecodeFile( secretkey, Fileargs[ 2 ] );
}
catch ( IOException^ e )
{
Console::WriteLine( "Error: File not found", e );
}
}
} //end main
System..::.Object
System.Security.Cryptography..::.HashAlgorithm
System.Security.Cryptography..::.KeyedHashAlgorithm
System.Security.Cryptography..::.HMAC
System.Security.Cryptography..::.HMACSHA512
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role not supported), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
.NET Framework
Supported in: 4, 3.5, 3.0, 2.0
.NET Framework Client Profile
Supported in: 4, 3.5 SP1
Reference
Other Resources