HMACSHA1 类

定义

使用 SHA1 哈希函数计算基于哈希值的消息验证代码 (HMAC)。Computes a Hash-based Message Authentication Code (HMAC) using the SHA1 hash function.

public ref class HMACSHA1 : System::Security::Cryptography::HMAC
[System.Runtime.InteropServices.ComVisible(true)]
public class HMACSHA1 : System.Security.Cryptography.HMAC
type HMACSHA1 = class
    inherit HMAC
Public Class HMACSHA1
Inherits HMAC
继承
属性

示例

下面的代码示例演示如何使用HMACSHA1对象对文件进行签名,然后再对文件进行验证。The following code example shows how to sign a file by using the HMACSHA1 object and then how to verify the file.

using namespace System;
using namespace System::IO;
using namespace System::Security::Cryptography;

// Computes a keyed hash for a source file, creates a target file with the keyed hash
// prepended to the contents of the source file, then decrypts the file and compares
// the source and the decrypted files.
void EncodeFile( array<Byte>^key, String^ sourceFile, String^ destFile )
{
   
   // Initialize the keyed hash object.
   HMACSHA1^ myhmacsha1 = gcnew HMACSHA1( key );
   FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open );
   FileStream^ outStream = gcnew FileStream( destFile,FileMode::Create );
   
   // Compute the hash of the input file.
   array<Byte>^hashValue = myhmacsha1->ComputeHash( inStream );
   
   // Reset inStream to the beginning of the file.
   inStream->Position = 0;
   
   // Write the computed hash value to the output file.
   outStream->Write( hashValue, 0, hashValue->Length );
   
   // Copy the contents of the sourceFile to the destFile.
   int bytesRead;
   
   // read 1K at a time
   array<Byte>^buffer = gcnew array<Byte>(1024);
   do
   {
      
      // Read from the wrapping CryptoStream.
      bytesRead = inStream->Read( buffer, 0, 1024 );
      outStream->Write( buffer, 0, bytesRead );
   }
   while ( bytesRead > 0 );

   myhmacsha1->Clear();
   
   // Close the streams
   inStream->Close();
   outStream->Close();
   return;
} // end EncodeFile



// Decrypt the encoded file and compare to original file.
bool DecodeFile( array<Byte>^key, String^ sourceFile )
{
   
   // Initialize the keyed hash object. 
   HMACSHA1^ hmacsha1 = gcnew HMACSHA1( key );
   
   // Create an array to hold the keyed hash value read from the file.
   array<Byte>^storedHash = gcnew array<Byte>(hmacsha1->HashSize / 8);
   
   // Create a FileStream for the source file.
   FileStream^ inStream = gcnew FileStream( sourceFile,FileMode::Open );
   
   // Read in the storedHash.
   inStream->Read( storedHash, 0, storedHash->Length );
   
   // Compute the hash of the remaining contents of the file.
   // The stream is properly positioned at the beginning of the content, 
   // immediately after the stored hash value.
   array<Byte>^computedHash = hmacsha1->ComputeHash( inStream );
   
   // compare the computed hash with the stored value
   bool err = false;
   for ( int i = 0; i < storedHash->Length; i++ )
   {
      if ( computedHash[ i ] != storedHash[ i ] )
      {
         err = true;
      }
   }
   if (err)
        {
            Console::WriteLine("Hash values differ! Encoded file has been tampered with!");
            return false;
        }
        else
        {
            Console::WriteLine("Hash values agree -- no tampering occurred.");
            return true;
        }

} //end DecodeFile


int main()
{
   array<String^>^Fileargs = Environment::GetCommandLineArgs();
   String^ usageText = "Usage: HMACSHA1 inputfile.txt encryptedfile.hsh\nYou must specify the two file names. Only the first file must exist.\n";
   
   //If no file names are specified, write usage text.
   if ( Fileargs->Length < 3 )
   {
      Console::WriteLine( usageText );
   }
   else
   {
      try
      {
         
         // Create a random key using a random number generator. This would be the
         //  secret key shared by sender and receiver.
         array<Byte>^secretkey = gcnew array<Byte>(64);
         
         //RNGCryptoServiceProvider is an implementation of a random number generator.
         RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
         
         // The array is now filled with cryptographically strong random bytes.
         rng->GetBytes( secretkey );
         
         // Use the secret key to encode the message file.
         EncodeFile( secretkey, Fileargs[ 1 ], Fileargs[ 2 ] );
         
         // Take the encoded file and decode
         DecodeFile( secretkey, Fileargs[ 2 ] );
      }
      catch ( IOException^ e ) 
      {
         Console::WriteLine( "Error: File not found", e );
      }

   }
} //end main


using System;
using System.IO;
using System.Security.Cryptography;

public class HMACSHA1example
{

    public static void Main(string[] Fileargs)
    {
        string dataFile;
        string signedFile;
        //If no file names are specified, create them.
        if (Fileargs.Length < 2)
        {
            dataFile = @"text.txt";
            signedFile = "signedFile.enc";

            if (!File.Exists(dataFile))
            {
                // Create a file to write to.
                using (StreamWriter sw = File.CreateText(dataFile))
                {
                    sw.WriteLine("Here is a message to sign");
                }
            }

        }
        else
        {
            dataFile = Fileargs[0];
            signedFile = Fileargs[1];
        }
        try
        {
            // Create a random key using a random number generator. This would be the
            //  secret key shared by sender and receiver.
            byte[] secretkey = new Byte[64];
            //RNGCryptoServiceProvider is an implementation of a random number generator.
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
            {
                // The array is now filled with cryptographically strong random bytes.
                rng.GetBytes(secretkey);

                // Use the secret key to sign the message file.
                SignFile(secretkey, dataFile, signedFile);

                // Verify the signed file
                VerifyFile(secretkey, signedFile);
            }
        }
        catch (IOException e)
        {
            Console.WriteLine("Error: File not found", e);
        }

    }  //end main
    // Computes a keyed hash for a source file and creates a target file with the keyed hash
    // prepended to the contents of the source file. 
    public static void SignFile(byte[] key, String sourceFile, String destFile)
    {
        // Initialize the keyed hash object.
        using (HMACSHA1 hmac = new HMACSHA1(key))
        {
            using (FileStream inStream = new FileStream(sourceFile, FileMode.Open))
            {
                using (FileStream outStream = new FileStream(destFile, FileMode.Create))
                {
                    // Compute the hash of the input file.
                    byte[] hashValue = hmac.ComputeHash(inStream);
                    // Reset inStream to the beginning of the file.
                    inStream.Position = 0;
                    // Write the computed hash value to the output file.
                    outStream.Write(hashValue, 0, hashValue.Length);
                    // Copy the contents of the sourceFile to the destFile.
                    int bytesRead;
                    // read 1K at a time
                    byte[] buffer = new byte[1024];
                    do
                    {
                        // Read from the wrapping CryptoStream.
                        bytesRead = inStream.Read(buffer, 0, 1024);
                        outStream.Write(buffer, 0, bytesRead);
                    } while (bytesRead > 0);
                }
            }
        }
        return;
    } // end SignFile


    // Compares the key in the source file with a new key created for the data portion of the file. If the keys 
    // compare the data has not been tampered with.
    public static bool VerifyFile(byte[] key, String sourceFile)
    {
        bool err = false;
        // Initialize the keyed hash object. 
        using (HMACSHA1 hmac = new HMACSHA1(key))
        {
            // Create an array to hold the keyed hash value read from the file.
            byte[] storedHash = new byte[hmac.HashSize / 8];
            // Create a FileStream for the source file.
            using (FileStream inStream = new FileStream(sourceFile, FileMode.Open))
            {
                // Read in the storedHash.
                inStream.Read(storedHash, 0, storedHash.Length);
                // Compute the hash of the remaining contents of the file.
                // The stream is properly positioned at the beginning of the content, 
                // immediately after the stored hash value.
                byte[] computedHash = hmac.ComputeHash(inStream);
                // compare the computed hash with the stored value

                for (int i = 0; i < storedHash.Length; i++)
                {
                    if (computedHash[i] != storedHash[i])
                    {
                        err = true;
                    }
                }
            }
        }
        if (err)
        {
            Console.WriteLine("Hash values differ! Signed file has been tampered with!");
            return false;
        }
        else
        {
            Console.WriteLine("Hash values agree -- no tampering occurred.");
            return true;
        }

    } //end VerifyFile

} //end class
Imports System.IO
Imports System.Security.Cryptography

Public Class HMACSHA1example

    Public Shared Sub Main(ByVal Fileargs() As String)
        Dim dataFile As String
        Dim signedFile As String
        'If no file names are specified, create them.
        If Fileargs.Length < 2 Then
            dataFile = "text.txt"
            signedFile = "signedFile.enc"

            If Not File.Exists(dataFile) Then
                ' Create a file to write to.
                Using sw As StreamWriter = File.CreateText(dataFile)
                    sw.WriteLine("Here is a message to sign")
                End Using
            End If

        Else
            dataFile = Fileargs(0)
            signedFile = Fileargs(1)
        End If
        Try
            ' Create a random key using a random number generator. This would be the
            '  secret key shared by sender and receiver.
            Dim secretkey() As Byte = New [Byte](63) {}
            'RNGCryptoServiceProvider is an implementation of a random number generator.
            Using rng As New RNGCryptoServiceProvider()
                ' The array is now filled with cryptographically strong random bytes.
                rng.GetBytes(secretkey)

                ' Use the secret key to encode the message file.
                SignFile(secretkey, dataFile, signedFile)

                ' Take the encoded file and decode
                VerifyFile(secretkey, signedFile)
            End Using
        Catch e As IOException
            Console.WriteLine("Error: File not found", e)
        End Try

    End Sub

    ' Computes a keyed hash for a source file and creates a target file with the keyed hash
    ' prepended to the contents of the source file. 
    Public Shared Sub SignFile(ByVal key() As Byte, ByVal sourceFile As String, ByVal destFile As String)
        ' Initialize the keyed hash object.
        Using myhmac As New HMACSHA1(key)
            Using inStream As New FileStream(sourceFile, FileMode.Open)
                Using outStream As New FileStream(destFile, FileMode.Create)
                    ' Compute the hash of the input file.
                    Dim hashValue As Byte() = myhmac.ComputeHash(inStream)
                    ' Reset inStream to the beginning of the file.
                    inStream.Position = 0
                    ' Write the computed hash value to the output file.
                    outStream.Write(hashValue, 0, hashValue.Length)
                    ' Copy the contents of the sourceFile to the destFile.
                    Dim bytesRead As Integer
                    ' read 1K at a time
                    Dim buffer(1023) As Byte
                    Do
                        ' Read from the wrapping CryptoStream.
                        bytesRead = inStream.Read(buffer, 0, 1024)
                        outStream.Write(buffer, 0, bytesRead)
                    Loop While bytesRead > 0
                End Using
            End Using
        End Using
        Return

    End Sub
    ' end SignFile

    ' Compares the key in the source file with a new key created for the data portion of the file. If the keys 
    ' compare the data has not been tampered with.
    Public Shared Function VerifyFile(ByVal key() As Byte, ByVal sourceFile As String) As Boolean
        Dim err As Boolean = False
        ' Initialize the keyed hash object. 
        Using hmac As New HMACSHA1(key)
            ' Create an array to hold the keyed hash value read from the file.
            Dim storedHash(hmac.HashSize / 8 - 1) As Byte
            ' Create a FileStream for the source file.
            Using inStream As New FileStream(sourceFile, FileMode.Open)
                ' Read in the storedHash.
                inStream.Read(storedHash, 0, storedHash.Length - 1)
                ' Compute the hash of the remaining contents of the file.
                ' The stream is properly positioned at the beginning of the content, 
                ' immediately after the stored hash value.
                Dim computedHash As Byte() = hmac.ComputeHash(inStream)
                ' compare the computed hash with the stored value
                Dim i As Integer
                For i = 0 To storedHash.Length - 2
                    If computedHash(i) <> storedHash(i) Then
                        err = True
                    End If
                Next i
            End Using
        End Using
        If err Then
            Console.WriteLine("Hash values differ! Signed file has been tampered with!")
            Return False
        Else
            Console.WriteLine("Hash values agree -- no tampering occurred.")
            Return True
        End If

    End Function 'VerifyFile 
End Class
'end class

注解

HMACSHA1加密哈希算法的一种类型,它是从 SHA1 哈希函数构建的,并用作 HMAC 或基于哈希的消息身份验证代码。HMACSHA1 is a type of keyed hash algorithm that is constructed from the SHA1 hash function and used as an HMAC, or hash-based message authentication code. HMAC 进程将密钥与消息数据混合,使用哈希函数对结果进行哈希运算,再次混合使用密钥的哈希值,然后再次应用哈希函数。The HMAC process mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, and then applies the hash function a second time. 输出哈希的长度为160位。The output hash is 160 bits in length.

如果发送方和接收方共享密钥,则可以使用 HMAC 来确定通过不安全通道发送的消息是否已被篡改。An HMAC can be used to determine whether a message sent over an insecure channel has been tampered with, provided that the sender and receiver share a secret key. 发件人计算原始数据的哈希值,并以单个消息形式发送原始数据和哈希值。The sender computes the hash value for the original data and sends both the original data and hash value as a single message. 接收方重新计算收到的消息上的哈希值,并检查计算的 HMAC 是否与传输的 HMAC 匹配。The receiver recalculates the hash value on the received message and checks that the computed HMAC matches the transmitted HMAC.

对数据或哈希值所做的任何更改都将导致不匹配,因为更改消息和重现正确的哈希值需要使用机密密钥知识。Any change to the data or the hash value results in a mismatch, because knowledge of the secret key is required to change the message and reproduce the correct hash value. 因此,如果原始和计算所得的哈希值匹配,则将对消息进行身份验证。Therefore, if the original and computed hash values match, the message is authenticated.

SHA-1 (安全哈希算法,也称为 SHS,安全哈希标准)是由美国政府发布的加密哈希算法。The SHA-1 (Secure Hash Algorithm, also called SHS, Secure Hash Standard) is a cryptographic hash algorithm published by the United States Government. 它从任意长度字符串生成160位哈希值。It produces a 160-bit hash value from an arbitrary length string.

HMACSHA1接受任意大小的密钥,并产生长度为160位的哈希序列。HMACSHA1 accepts keys of any size, and produces a hash sequence that is 160 bits in length.

由于与 SHA1 冲突,Microsoft 建议使用 SHA256。Due to collision problems with SHA1, Microsoft recommends SHA256.

构造函数

HMACSHA1()

使用随机生成的密钥初始化 HMACSHA1 类的新实例。Initializes a new instance of the HMACSHA1 class with a randomly generated key.

HMACSHA1(Byte[])

使用指定的密钥数据初始化 HMACSHA1 类的新实例。Initializes a new instance of the HMACSHA1 class with the specified key data.

HMACSHA1(Byte[], Boolean)

使用指定的密钥数据和一个指定是否使用 SHA1 算法托管版本的值,来初始化 HMACSHA1 类的新实例。Initializes a new instance of the HMACSHA1 class with the specified key data and a value that specifies whether to use the managed version of the SHA1 algorithm.

字段

HashSizeValue

表示计算所得的哈希代码的大小(以位为单位)。Represents the size, in bits, of the computed hash code.

(继承自 HashAlgorithm)
HashValue

表示计算所得的哈希代码的值。Represents the value of the computed hash code.

(继承自 HashAlgorithm)
KeyValue

用于哈希算法的密钥。The key to use in the hash algorithm.

(继承自 KeyedHashAlgorithm)
State

表示哈希计算的状态。Represents the state of the hash computation.

(继承自 HashAlgorithm)

属性

CanReuseTransform

获取一个值,该值指示是否可重复使用当前转换。Gets a value indicating whether the current transform can be reused.

(继承自 HashAlgorithm)
CanTransformMultipleBlocks

当在派生类中重写时,获取一个值,该值指示是否可以转换多个块。When overridden in a derived class, gets a value indicating whether multiple blocks can be transformed.

(继承自 HashAlgorithm)
Hash

获取计算所得的哈希代码的值。Gets the value of the computed hash code.

(继承自 HashAlgorithm)
HashName

获取或设置用于哈希计算的哈希算法的名称。Gets or sets the name of the hash algorithm to use for hashing.

HashSize
InputBlockSize

当在派生类中重写时,获取输入块的大小。When overridden in a derived class, gets the input block size.

(继承自 HashAlgorithm)
Key

获取或设置用于哈希算法的密钥。Gets or sets the key to use in the hash algorithm.

OutputBlockSize

当在派生类中重写时,获取输出块的大小。When overridden in a derived class, gets the output block size.

(继承自 HashAlgorithm)

方法

Clear()

释放 HashAlgorithm 类使用的所有资源。Releases all resources used by the HashAlgorithm class.

(继承自 HashAlgorithm)
ComputeHash(Byte[])

计算指定字节数组的哈希值。Computes the hash value for the specified byte array.

(继承自 HashAlgorithm)
ComputeHash(Byte[], Int32, Int32)

计算指定字节数组的指定区域的哈希值。Computes the hash value for the specified region of the specified byte array.

(继承自 HashAlgorithm)
ComputeHash(Stream)

计算指定 Stream 对象的哈希值。Computes the hash value for the specified Stream object.

(继承自 HashAlgorithm)
Dispose()

释放 HashAlgorithm 类的当前实例所使用的所有资源。Releases all resources used by the current instance of the HashAlgorithm class.

(继承自 HashAlgorithm)
Dispose(Boolean)

此成员替代 Dispose(Boolean) 且该主题可能包括更完整的文档。This member overrides Dispose(Boolean), and more complete documentation might be available in that topic.

释放由 KeyedHashAlgorithm 占用的非托管资源,还可以另外再释放托管资源。Releases the unmanaged resources used by the KeyedHashAlgorithm and optionally releases the managed resources.

Equals(Object)

确定指定的对象是否等于当前对象。Determines whether the specified object is equal to the current object.

(继承自 Object)
Finalize()

在垃圾回收将某一对象回收前允许该对象尝试释放资源并执行其他清理操作。Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.

GetHashCode()

用作默认哈希函数。Serves as the default hash function.

(继承自 Object)
GetType()

获取当前实例的 TypeGets the Type of the current instance.

(继承自 Object)
HashCore(Byte[], Int32, Int32)

将写入对象的数据路由到 SHA1 哈希算法以计算基于哈希的消息验证代码 (HMAC)。Routes data written to the object into the SHA1 hash algorithm for computing the Hash-based Message Authentication Code (HMAC).

HashCore(ReadOnlySpan<Byte>)
HashFinal()
Initialize()

初始化 HMACSHA1 的实例。Initializes an instance of HMACSHA1.

MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(继承自 Object)
ToString()

返回一个表示当前对象的 string。Returns a string that represents the current object.

(继承自 Object)
TransformBlock(Byte[], Int32, Int32, Byte[], Int32)

计算输入字节数组指定区域的哈希值,并将输入字节数组指定区域复制到输出字节数组的指定区域。Computes the hash value for the specified region of the input byte array and copies the specified region of the input byte array to the specified region of the output byte array.

(继承自 HashAlgorithm)
TransformFinalBlock(Byte[], Int32, Int32)

计算指定字节数组的指定区域的哈希值。Computes the hash value for the specified region of the specified byte array.

(继承自 HashAlgorithm)
TryComputeHash(ReadOnlySpan<Byte>, Span<Byte>, Int32) (继承自 HashAlgorithm)
TryHashFinal(Span<Byte>, Int32)

显式界面实现

IDisposable.Dispose()

释放由 HashAlgorithm 占用的非托管资源,还可以另外再释放托管资源。Releases the unmanaged resources used by the HashAlgorithm and optionally releases the managed resources.

(继承自 HashAlgorithm)

适用于

另请参阅