public bool VerifySignedToken(string nounce, string ticketLeft, string ticketRight)
{
System.Security.Cryptography.HMACSHA256 hmac = new System.Security.Cryptography.HMACSHA256(UTF8Encoding.UTF8.GetBytes(MasterKey));
string hash = BitConverter.ToString(hmac.ComputeHash(UTF8Encoding.UTF8.GetBytes(nounce))).Replace("-", "");
return(hash == ticketLeft.Trim() + ticketRight.Trim());
}
public Rfc2898DeriveBytes_HMACSHA256(byte[] password, byte[] salt, int iterations)
{
Salt = salt;
IterationCount = iterations;
_hmacsha256 = new HMACSHA256(password);
Initialize();
}
public string GenerateStorageSasTokenWrite(string resourceName, string storageAccountUrl, string storageAccountKey)
{
var storageAccountName = storageAccountUrl.Remove(0, 8).Split('.')[0];
var version = "2018-03-28";
var startTime = DateTime.UtcNow;
var startTimeIso = startTime.ToString("s") + "Z";
var endTimeIso = startTime.AddMinutes(10).ToString("s") + "Z";
var hmacSha256 = new System.Security.Cryptography.HMACSHA256 {
Key = Convert.FromBase64String(storageAccountKey)
};
var payLoad = string.Format(
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n\n\n\n\n",
"rw",
startTimeIso,
endTimeIso,
"/blob/" + storageAccountName + "/" + resourceName,
"",
"",
"https",
"2018-03-28");
var sasToken = storageAccountUrl + resourceName +
"?" +
"sp=rw&st=" + startTimeIso + "&se=" + endTimeIso + "&spr=https" +
"&sv=" + version +
"&sig=" + Uri.EscapeDataString(Convert.ToBase64String(hmacSha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payLoad)))) +
"&sr=b";
return(sasToken);
}
/// <summary>
/// This creates the authorization header. This is required, and must be built
/// exactly following the instructions. This will return the authorization header
/// for most storage service calls.
/// Create a string of the message signature and then encrypt it.
/// </summary>
/// <param name="storageAccountName">The name of the storage account to use.</param>
/// <param name="storageAccountKey">The access key for the storage account to be used.</param>
/// <param name="now">Date/Time stamp for now.</param>
/// <param name="httpRequestMessage">The HttpWebRequest that needs an auth header.</param>
/// <param name="ifMatch">Provide an eTag, and it will only make changes
/// to a blob if the current eTag matches, to ensure you don't overwrite someone else's changes.</param>
/// <param name="md5">Provide the md5 and it will check and make sure it matches the blob's md5.
/// If it doesn't match, it won't return a value.</param>
/// <returns></returns>
internal static string AuthorizationHeader(string storageAccountName, string storageAccountKey,
string method, DateTime now, HttpWebRequest request, string ifMatch = "", string md5 = "")
{
string MessageSignature;
//this is the raw representation of the message signature
MessageSignature = String.Format("{0}\n\n\n{1}\n{5}\n\n\n\n{2}\n\n\n\n{3}{4}",
method,
(method == "GET" || method == "HEAD") ? String.Empty : request.ContentLength.ToString(),
ifMatch,
GetCanonicalizedHeaders(request),
GetCanonicalizedResource(request.RequestUri, storageAccountName),
md5
);
//now turn it into a byte array
byte[] SignatureBytes = System.Text.Encoding.UTF8.GetBytes(MessageSignature);
//create the HMACSHA256 version of the storage key
System.Security.Cryptography.HMACSHA256 SHA256 =
new System.Security.Cryptography.HMACSHA256(Convert.FromBase64String(storageAccountKey));
//Compute the hash of the SignatureBytes and convert it to a base64 string.
string signature = Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));
//this is the actual header that will be added to the list of request headers
string AuthorizationHeader = "SharedKey " + storageAccountName
+ ":" + Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));
return(AuthorizationHeader);
}
public static string BuildBase64Signature(
string apiKey,
string appId,
Uri rawUri,
HttpMethod httpMethod,
HttpContent content,
string nonce,
string requestTimeStamp
)
{
var requestUri = HttpUtility.UrlEncode(rawUri.AbsoluteUri.ToLower());
var requestHttpMethod = httpMethod.Method;
// Get the content string out of the content.
string requestContentBase64String = ComputeBase64RequestContent(content);
// Rebuild the signature raw data.
var signatureRawData =
$"{appId}{requestHttpMethod}{requestUri}{requestTimeStamp}{nonce}{requestContentBase64String}";
// Get the api key bytes.
var secretKeyBytes = Convert.FromBase64String(apiKey);
// Get the signature.
var signature = Encoding.UTF8.GetBytes(signatureRawData);
// Create HMAC SHA class with key data.
using (var hmac = new HMACSHA256(secretKeyBytes))
{
return Convert.ToBase64String(hmac.ComputeHash(signature));
}
}
public static Digest /*!*/ Initialize(Digest /*!*/ self, [NotNull] MutableString /*!*/ algorithmName)
{
Crypto.HMAC algorithm;
#if SILVERLIGHT
switch (algorithmName.ToString())
{
case "SHA1": algorithm = new Crypto.HMACSHA1(); break;
case "SHA256": algorithm = new Crypto.HMACSHA256(); break;
default: algorithm = null; break;
}
#else
algorithm = Crypto.HMAC.Create("HMAC" + algorithmName.ConvertToString());
#endif
if (algorithm == null)
{
throw RubyExceptions.CreateRuntimeError("Unsupported digest algorithm ({0}).", algorithmName);
}
self._algorithm = algorithm;
return(self);
}
public static byte[] GenerateMac(byte[] clearText, byte[] key)
{
using (HMACSHA256 hmac = new HMACSHA256(key))
{
return hmac.ComputeHash(clearText);
}
}
static byte[] hmacSHA256(String data, String key)
{
using (HMACSHA256 hmac = new HMACSHA256(Encoding.ASCII.GetBytes(key)))
{
return hmac.ComputeHash(Encoding.ASCII.GetBytes(data));
}
}
public byte[] ComputeHmac(string input)
{
using (var hmac = new HMACSHA256(this.signingKey))
{
return hmac.ComputeHash(this.encoding.GetBytes(input));
}
}
public static string CreateToken(string message, string key)
{
var myhmacsha1 = new HMACSHA256(Encoding.ASCII.GetBytes(key));
var byteArray = Encoding.ASCII.GetBytes(message);
var stream = new MemoryStream(byteArray);
return myhmacsha1.ComputeHash(stream).Aggregate("", (s, e) => s + $"{e:x2}", s => s);
}
public byte[] ComputeHmac(byte[] sessionKey, byte[] encrpytedData)
{
using (var hmac = new HMACSHA256(sessionKey))
{
return hmac.ComputeHash(encrpytedData);
}
}
public static void Main (string[] args)
{
var host = "https://api.coinbase.com/";
var apiKey = "yourApiKey";
var apiSecret = "youApiSecret";
var unixTimestamp = (Int32)(DateTime.UtcNow.Subtract (new DateTime (1970, 1, 1))).TotalSeconds;
var currency = "USD";
var message = string.Format ("{0}GET/v2/prices/spot?currency={1}", unixTimestamp.ToString (), currency);
byte[] secretKey = Encoding.UTF8.GetBytes (apiSecret);
HMACSHA256 hmac = new HMACSHA256 (secretKey);
hmac.Initialize ();
byte[] bytes = Encoding.UTF8.GetBytes (message);
byte[] rawHmac = hmac.ComputeHash (bytes);
var signature = rawHmac.ByteArrayToHexString ();
var price = host
.AppendPathSegment ("v2/prices/spot")
.SetQueryParam ("currency", currency)
.WithHeader ("CB-ACCESS-SIGN", signature)
.WithHeader ("CB-ACCESS-TIMESTAMP", unixTimestamp)
.WithHeader ("CB-ACCESS-KEY", apiKey)
.GetJsonAsync<dynamic> ()
.Result;
Console.WriteLine (price.ToString (Formatting.None));
Console.ReadLine ();
}
bool m_isCheckAmazonAwsInstancesEmailWasSent = false; // to avoid sending the same warning email many times; send only once
//# Key derivation functions. See:
//# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
internal byte[] sign(byte[] key, string msg)
{
HMACSHA256 hmac = new HMACSHA256(key);
var computedDigest = hmac.ComputeHash(Encoding.UTF8.GetBytes(msg));
return computedDigest;
//return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest();
}
public static string HMACSHA256(string key, string message)
{
using (var hasher = new crypto.HMACSHA256(Encoding.UTF8.GetBytes(key)))
{
return(hasher.ComputeHash(Encoding.UTF8.GetBytes(message)).ToHexString());
}
}
public static bool Verify(string apikey, string token, string timestamp, string signature)
{
var hmac = new HMACSHA256(Encoding.ASCII.GetBytes(apikey));
var sigBytes = hmac.ComputeHash(Encoding.ASCII.GetBytes(timestamp + token));
string sigString = BitConverter.ToString(sigBytes).Replace("-", "");
return signature.Equals(sigString, StringComparison.OrdinalIgnoreCase);
}
public static string issueAzureHTTPRequest(string URI)
{
/** code borrowed & adapted from: http://www.csharp-station.com/HowTo/HttpWebFetch.aspx **/
// used to build entire input
StringBuilder sb = new StringBuilder();
// used on each read operation
byte[] buf = new byte[8192];
// prepare the web page we will be asking for
HttpWebRequest request = (HttpWebRequest)
WebRequest.Create(URI);
String dateInRfc1123Format = DateTime.UtcNow.ToString("R", CultureInfo.InvariantCulture);
WebHeaderCollection myWebHeaders = request.Headers;
myWebHeaders.Add("x-ms-version","2009-09-19");
myWebHeaders.Add("x-ms-date",dateInRfc1123Format);
//do SHA-256 hash of key
string toSign =
"GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:"+dateInRfc1123Format+"\nx-ms-version:2009-09-19\n/"+AccountInfo.AccountName+"/\ncomp:list"; /*CanonicalizedResource*/
byte[] signBytes = System.Text.Encoding.UTF8.GetBytes(toSign);
byte[] hash = new HMACSHA256(Convert.FromBase64String(AccountInfo.AccountKey)).ComputeHash(signBytes);
string signature = System.Convert.ToBase64String(hash);
string authHeaderValue = string.Format(CultureInfo.InvariantCulture, "SharedKey {0}:{1}", AccountInfo.AccountName, signature);
myWebHeaders.Add("Authorization",authHeaderValue);
// execute the request
HttpWebResponse response = (HttpWebResponse)
request.GetResponse();
// we will read data via the response stream
Stream resStream = response.GetResponseStream();
string tempString = null;
int count = 0;
do
{
// fill the buffer with data
count = resStream.Read(buf, 0, buf.Length);
// make sure we read some data
if (count != 0)
{
// translate from bytes to ASCII text
tempString = Encoding.ASCII.GetString(buf, 0, count);
// continue building the string
sb.Append(tempString);
}
}
while (count > 0); // any more data to read?
// print out page source
return sb.ToString();
}
private static byte[] PHash(byte[] secret, byte[] seed, int iterations)
{
using (HMACSHA256 hmac = new HMACSHA256(secret))
{
byte[][] a = new byte[iterations + 1][];
a[0] = seed;
for (int i = 0; i < iterations; i++)
{
a[i + 1] = hmac.ComputeHash(a[i]);
}
byte[] prf = new byte[iterations * 32];
byte[] buffer = new byte[32 + seed.Length];
Buffer.BlockCopy(seed, 0, buffer, 32, seed.Length);
for (int i = 0; i < iterations; i++)
{
Buffer.BlockCopy(a[i + 1], 0, buffer, 0, 32);
byte[] hash = hmac.ComputeHash(buffer);
Buffer.BlockCopy(hash, 0, prf, 32 * i, 32);
}
return prf;
}
}
/// <summary>
/// Computes the hmacSha256 hash of the data using the key given
/// </summary>
/// <param name="keyBytes">The key to use to calculate the hash</param>
/// <param name="dataBytes">The data to use to calculate the hash</param>
/// <returns>The hmacSha256 hash of the data using the key</returns>
private static byte[] ComputeHash( byte[] keyBytes, byte[] dataBytes ) {
byte[] hash;
using( var hmacSha256 = new HMACSHA256( keyBytes ) ) {
hash = hmacSha256.ComputeHash( dataBytes );
}
return hash;
}
/// <summary>Hash new password.</summary>
public static string HashPassword(string password, int security = 256)
{
// You can limit security to 128-bit which will produce
// base64 string, which will fit into a varchar(44) field on the database.
// This will allow to store encrypted password in old password field if its size is limited.
var size = security / 8;
var algorithm = new System.Security.Cryptography.HMACSHA256();
// ----------------------------------------------------------------
// Convert string to bytes.
// Use Unicode, because ASCII doesn't work worldwide and SQL server doesn't support UTF8.
var bytes = System.Text.Encoding.Unicode.GetBytes(password);
// Generate random salt.
var salt = new byte[size];
var generator = System.Security.Cryptography.RandomNumberGenerator.Create();
generator.GetBytes(salt);
// Compute hash.
algorithm.Key = salt;
var hash = algorithm.ComputeHash(bytes);
// Combine salt and hash and convert to HEX.
var baseBytes = new byte[size * 2];
Array.Copy(salt, 0, baseBytes, 0, size);
Array.Copy(hash, 0, baseBytes, size, size);
Console.WriteLine("HashPassword:"******" Salt: {0}", string.Join("", salt.Select(x => x.ToString("X2"))));
Console.WriteLine(" Hash: {0}", string.Join("", hash.Take(size).Select(x => x.ToString("X2"))));
// Convert salt and hash to Base64 string.
var base64 = System.Convert.ToBase64String(baseBytes);
return(base64);
}
/// <summary>
/// Every time is created new instance of class to guarantee thread safety
/// </summary>
/// <param name="function"></param>
/// <returns></returns>
private HMAC GetAlgorithmByFunctionName(string function)
{
HMAC a;
switch(Util.Convertion.EnumNameToValue<HMACFunction>(function))
{
case HMACFunction.HMACMD5:
a = new HMACMD5();
break;
case HMACFunction.HMACSHA1:
a = new HMACSHA1();
break;
case HMACFunction.HMACSHA256:
a = new HMACSHA256();
break;
case HMACFunction.HMACSHA384:
a = new HMACSHA384();
break;
case HMACFunction.HMACSHA512:
a = new HMACSHA512();
break;
default:
throw new ArgumentException("Unknown function", "function");
}
return a;
}
/// <summary>
/// Computes a new hash of <paramref name="data"/> usign the <paramref name="key"/> specified.
/// </summary>
/// <param name="key">A byte array containing the key (secret) to use to generate a hash.</param>
/// <param name="data">A byte arrasy containing the data to be hashed.</param>
/// <returns>A new byte array containing the hash result.</returns>
public byte[] ComputeHash(byte[] key, byte[] data)
{
using (var hasher = new System.Security.Cryptography.HMACSHA256(key))
{
return(hasher.ComputeHash(data));
}
}
public override string ToString()
{
StringBuilder content = new StringBuilder();
content.Append("Issuer=").Append(this.Issuer);
for (int i = 0; i < this.claims.Count; i++)
{
var claim = claims[i];
if (i == 0)
content.Append('&').Append("Claims").Append('=');
content.AppendFormat("{0}:{1}:{2}", claim.ClaimType, claim.Resource, claim.Right);
if (i < this.claims.Count - 1)
content.Append(',');
}
content.Append("&ExpiresOn=").Append(this.ExpiresOn);
if (!string.IsNullOrWhiteSpace(this.Audience))
{
content.Append("&Audience=").Append(this.Audience);
}
using (HMACSHA256 hmac = new HMACSHA256(keyBytes))
{
byte[] signatureBytes = hmac.ComputeHash(Encoding.ASCII.GetBytes(content.ToString()));
string signature = System.Web.HttpUtility.UrlEncode(Convert.ToBase64String(signatureBytes));
content.Append("&HMACSHA256=").Append(signature);
}
return content.ToString();
}
public static byte[] HMACSHA256(byte[] key, byte[] data)
{
using (var hmac = new HMACSHA256(key))
{
return hmac.ComputeHash(data);
}
}
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
string requestContentBase64String = string.Empty;
string requestUri = System.Web.HttpUtility.UrlEncode(request.RequestUri.AbsoluteUri.ToLower());
//Checking if the request contains body, usually will be null wiht HTTP GET
if (request.Content != null)
{
using (var md5 = MD5.Create())
{
var content = await request.Content.ReadAsByteArrayAsync();
//Hashing the request body, any change in request body will result in different hash, we'll incure message integrity
var requestContentHash = md5.ComputeHash(content);
requestContentBase64String = Convert.ToBase64String(requestContentHash);
}
}
//create random nonce for each request
var nonce = Guid.NewGuid().ToString("N");
//Creating the raw signature string
var signatureRawData = string.Concat(_apiKey, "POST", requestUri, nonce, requestContentBase64String);
var secretKeyByteArray = Convert.FromBase64String(_apiSecret);
var signature = Encoding.UTF8.GetBytes(signatureRawData);
using (var hmac = new HMACSHA256(secretKeyByteArray))
{
var signatureBytes = hmac.ComputeHash(signature);
var requestSignatureBase64String = Convert.ToBase64String(signatureBytes);
//Setting the values in the Authorization header using custom scheme (amx)
request.Headers.Authorization = new AuthenticationHeaderValue("amx", string.Format("{0}:{1}:{2}", _apiKey, requestSignatureBase64String, nonce));
}
return await base.SendAsync(request, cancellationToken);
}
// Decrypt the encoded file and compare to original file.
public static bool DecodeFile(byte[] key, String sourceFile)
{
// Initialize the keyed hash object.
HMACSHA256 hmacsha256 = new HMACSHA256(key);
// Create an array to hold the keyed hash value read from the file.
byte[] storedHash = new byte[hmacsha256.HashSize / 8];
// Create a FileStream for the source file.
FileStream inStream = new FileStream(sourceFile, FileMode.Open);
// Read in the storedHash.
inStream.Read(storedHash, 0, storedHash.Length);
// Compute the hash of the remaining contents of the file.
// The stream is properly positioned at the beginning of the content,
// immediately after the stored hash value.
byte[] computedHash = hmacsha256.ComputeHash(inStream);
// compare the computed hash with the stored value
for (int i = 0; i < storedHash.Length; i++)
{
if (computedHash[i] != storedHash[i])
{
Console.WriteLine("Hash values differ! Encoded file has been tampered with!");
return false;
}
}
Console.WriteLine("Hash values agree -- no tampering occurred.");
return true;
}
public static string GenerateHMACSHA256AuthorisationToken(string sessionToken, string sharedSecret, out string dateString)
{
if (String.IsNullOrWhiteSpace(sharedSecret))
{
throw new ArgumentNullException("sharedSecret");
}
if (String.IsNullOrWhiteSpace(sessionToken))
{
throw new ArgumentNullException("sessionToken");
}
// Generate UTC ISO 8601 date string.
dateString = DateTime.UtcNow.ToString("o");
// 1. Combine the Token and current date time in UTC using ISO 8601 format.
byte[] messageBytes = Encoding.ASCII.GetBytes(sessionToken + ":" + dateString);
// 2. Calculate the HMAC SHA 256 using the Consumer Secret and then Base64 encode.
byte[] keyBytes = Encoding.ASCII.GetBytes(sharedSecret);
string hmacsha256EncodedString;
using (HMACSHA256 hmacsha256 = new HMACSHA256(keyBytes))
{
byte[] hashMessage = hmacsha256.ComputeHash(messageBytes);
hmacsha256EncodedString = Convert.ToBase64String(hashMessage);
}
// 3. Combine the Token with the resulting string from above separated by a colon.
string combinedMessage = sessionToken + ":" + hmacsha256EncodedString;
// 4. Base64 encode this string.
string base64EncodedString = Convert.ToBase64String(Encoding.ASCII.GetBytes(combinedMessage));
// 5. Prefix this string with the Authentication Method and a space.
return AuthorisationMethod.HMACSHA256.ToString() + " " + base64EncodedString;
}
public CyanAccount(string accountName, string accountSecret)
{
Name = accountName;
var key = Convert.FromBase64String(accountSecret);
signatureHasher = new HMACSHA256(key);
}
public static string GetAuthorizationHeader(string macKeyIdentifier, string macKey, string macAlgorithm, string method, Uri uri)
{
TimeSpan t = (DateTime.UtcNow - new DateTime(1970, 1, 1));
string timestamp = ((int)t.TotalSeconds).ToString();
string nonce = new Random().Next().ToString();
string normalizedString = string.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n\n", timestamp, nonce, method, uri.PathAndQuery, uri.Host, uri.Port);
HashAlgorithm hashGenerator = null;
if (macAlgorithm == "hmac-sha-256")
{
hashGenerator = new HMACSHA256(Encoding.ASCII.GetBytes(macKey));
}
else if (macAlgorithm == "hmac-sha-1")
{
hashGenerator = new HMACSHA1(Encoding.ASCII.GetBytes(macKey));
}
else
{
throw new InvalidOperationException("Unsupported MAC algorithm");
}
string hash = System.Convert.ToBase64String(hashGenerator.ComputeHash(Encoding.ASCII.GetBytes(normalizedString)));
StringBuilder authorizationHeader = new StringBuilder();
authorizationHeader.AppendFormat(@"id=""{0}"",ts=""{1}"",nonce=""{2}"",mac=""{3}""", macKeyIdentifier, timestamp, nonce, hash);
return authorizationHeader.ToString();
}
private string ComputePayloadSig(string secret, string payload)
{
// from : https://github.com/laktak/discourse-sso/blob/master/src/Handler.cs
var hash = new System.Security.Cryptography.HMACSHA256(Encoding.UTF8.GetBytes(secret)).ComputeHash(Encoding.UTF8.GetBytes(payload));
return(string.Join("", hash.Select(b => String.Format("{0:x2}", b))));
}
public Tuple <string, string> GetSignedToken(string nounce)
{
System.Security.Cryptography.HMACSHA256 hmac = new System.Security.Cryptography.HMACSHA256(UTF8Encoding.UTF8.GetBytes(MasterKey));
string hash = BitConverter.ToString(hmac.ComputeHash(UTF8Encoding.UTF8.GetBytes(nounce))).Replace("-", "");
return(new Tuple <string, string>(hash.Left(6), hash.Substring(6)));
}
public static FacebookSignedRequestResult Verify(string appSecret, string signedRequest)
{
var hmacsha256 = new HMACSHA256(Encoding.UTF8.GetBytes(appSecret));
var javaScriptSerializer = new JavaScriptSerializer();
if (string.IsNullOrEmpty(signedRequest) || !signedRequest.Contains("."))
{
return new FacebookSignedRequestResult(false, string.Empty, string.Empty, null, null);
}
var split = signedRequest.Split('.');
var providedPayloadHash = split[0];
var requestPayload = split[1];
byte[] hashBytes = hmacsha256.ComputeHash(Encoding.UTF8.GetBytes(requestPayload));
string calculatedHash = Convert.ToBase64String(hashBytes);
string modifiedBase64Hash = ConvertToModifiedBase64(calculatedHash);
string payloadBase64 = ConvertFromModifiedBase64(requestPayload);
byte[] payloadBytes = Convert.FromBase64String(payloadBase64);
string payloadJson = Encoding.UTF8.GetString(payloadBytes);
var request = javaScriptSerializer.Deserialize<FacebookSignedRequest>(payloadJson);
return new FacebookSignedRequestResult(providedPayloadHash == modifiedBase64Hash, request.user_id, request.app_data, request.page, request.user);
}
// Computes a keyed hash for a source file, creates a target file with the keyed hash
// prepended to the contents of the source file, then decrypts the file and compares
// the source and the decrypted files.
public static void EncodeFile(byte[] key, String sourceFile, String destFile)
{
// Initialize the keyed hash object.
HMACSHA256 myhmacsha256 = new HMACSHA256(key);
FileStream inStream = new FileStream(sourceFile, FileMode.Open);
FileStream outStream = new FileStream(destFile, FileMode.Create);
// Compute the hash of the input file.
byte[] hashValue = myhmacsha256.ComputeHash(inStream);
// Reset inStream to the beginning of the file.
inStream.Position = 0;
// Write the computed hash value to the output file.
outStream.Write(hashValue, 0, hashValue.Length);
// Copy the contents of the sourceFile to the destFile.
int bytesRead;
// read 1K at a time
byte[] buffer = new byte[1024];
do
{
// Read from the wrapping CryptoStream.
bytesRead = inStream.Read(buffer, 0, 1024);
outStream.Write(buffer, 0, bytesRead);
} while (bytesRead > 0);
myhmacsha256.Clear();
// Close the streams
inStream.Close();
outStream.Close();
return;
}
/// <summary>
/// The function can be used to generate a hashed version of a user-provided password
/// to store in a database for authentication purposes.
/// </summary>
/// <param name="password">The secret password to generate the key from.</param>
/// <param name="salt">A (byte) string to use for better protection from dictionary attacks.</param>
/// <param name="dklen">The cumulative length of the keys to produce.</param>
/// <param name="count">Iteration count.</param>
/// <returns>A byte string of length dklen that can be used as key material.</returns>
/// <seealso cref="https://stackoverflow.com/questions/18648084/rfc2898-pbkdf2-with-sha256-as-digest-in-c-sharp"/>
/// <seealso cref="https://pycryptodome.readthedocs.io/en/latest/src/protocol/kdf.html"/>
static byte[] PBKDF2_SHA256_GetBytes(byte[] password, byte[] salt, int dklen, int count)
{
// NOTE: The iteration count should be as high as possible without causing
// unreasonable delay. Note also that the password and salt are byte arrays, not strings.
// After use, the password and salt should be cleared (with Array.Clear)
using (var hmac = new System.Security.Cryptography.HMACSHA256(password))
{
int hashLength = hmac.HashSize / 8;
if ((hmac.HashSize & 7) != 0)
{
hashLength++;
}
int keyLength = dklen / hashLength;
if ((long)dklen > (0xFFFFFFFFL * hashLength) || dklen < 0)
{
throw new ArgumentOutOfRangeException("dklen");
}
if (dklen % hashLength != 0)
{
keyLength++;
}
byte[] extendedkey = new byte[salt.Length + 4];
Buffer.BlockCopy(salt, 0, extendedkey, 0, salt.Length);
using (var ms = new System.IO.MemoryStream())
{
for (int i = 0; i < keyLength; i++)
{
extendedkey[salt.Length] = (byte)(((i + 1) >> 24) & 0xFF);
extendedkey[salt.Length + 1] = (byte)(((i + 1) >> 16) & 0xFF);
extendedkey[salt.Length + 2] = (byte)(((i + 1) >> 8) & 0xFF);
extendedkey[salt.Length + 3] = (byte)(((i + 1)) & 0xFF);
byte[] u = hmac.ComputeHash(extendedkey);
Array.Clear(extendedkey, salt.Length, 4);
byte[] f = u;
for (int j = 1; j < count; j++)
{
u = hmac.ComputeHash(u);
for (int k = 0; k < f.Length; k++)
{
f[k] ^= u[k];
}
}
ms.Write(f, 0, f.Length);
Array.Clear(u, 0, u.Length);
Array.Clear(f, 0, f.Length);
}
byte[] dk = new byte[dklen];
ms.Position = 0;
ms.Read(dk, 0, dklen);
ms.Position = 0;
for (long i = 0; i < ms.Length; i++)
{
ms.WriteByte(0);
}
Array.Clear(extendedkey, 0, extendedkey.Length);
return(dk);
}
}
}
static JsonWebToken()
{
HashAlgorithms = new Dictionary<JwtHashAlgorithm, Func<byte[], byte[], byte[]>>
{
{JwtHashAlgorithm.RS256, (key, value) =>
{
using (var sha = new HMACSHA256(key))
{
return sha.ComputeHash(value);
}
}
},
{JwtHashAlgorithm.HS384, (key, value) =>
{
using (var sha = new HMACSHA384(key))
{
return sha.ComputeHash(value);
}
}
},
{JwtHashAlgorithm.HS512, (key, value) =>
{
using (var sha = new HMACSHA512(key))
{
return sha.ComputeHash(value);
}
}
}
};
}
public static string AuthorizationHeader(
string storageAccount,
string storageKey,
string method,
DateTime now,
HttpRequestMessage request,
string ifMatch = "",
string contentMD5 = "",
string size = "",
string contentType = "")
{
string stringToSign = string.Format(
"{0}\n\n\n{1}\n{5}\n{6}\n\n\n{2}\n\n\n\n{3}{4}",
method,
(size == string.Empty) ? string.Empty : size,
ifMatch,
GetCanonicalizedHeaders(request),
GetCanonicalizedResource(request.RequestUri, storageAccount),
contentMD5,
contentType);
byte[] signatureBytes = Encoding.UTF8.GetBytes(stringToSign);
string authorizationHeader;
using (HMACSHA256 hmacsha256 = new HMACSHA256(Convert.FromBase64String(storageKey)))
{
authorizationHeader = "SharedKey " + storageAccount + ":"
+ Convert.ToBase64String(hmacsha256.ComputeHash(signatureBytes));
}
return authorizationHeader;
}
public static byte[] Protect(byte[] encryptionKey, byte[] validationKey, byte[] initializationVector, byte[] plainText)
{
using (var provider = new AesCryptoServiceProvider())
{
using (ICryptoTransform transform = provider.CreateEncryptor(encryptionKey, initializationVector))
{
using (var ms = new MemoryStream())
{
ms.Write(initializationVector, 0, initializationVector.Length);
using (var cryptoStream = new CryptoStream(ms, transform, CryptoStreamMode.Write))
{
// Encrypted payload
cryptoStream.Write(plainText, 0, plainText.Length);
cryptoStream.FlushFinalBlock();
// Compute signature
using (var sha = new HMACSHA256(validationKey))
{
checked
{
byte[] signature = sha.ComputeHash(ms.GetBuffer(), 0, (int)ms.Length);
// Write the signature to the paylod
ms.Write(signature, 0, signature.Length);
// Final bytes
return ms.ToArray();
}
}
}
}
}
}
}
/// <summary>
/// Encrypt a message using AES in CBC (cipher-block chaining) mode.
/// </summary>
/// <param name="plaintext">The message (plaintext) to encrypt</param>
/// <param name="key">An AES key</param>
/// <param name="iv">The IV to use or null to use a 0 IV</param>
/// <param name="addHmac">When set, a SHA256-based HMAC (HMAC256) of 32 bytes using the same key is added to the plaintext
/// before it is encrypted.</param>
/// <returns>The ciphertext derived by encrypting the orignal message using AES in CBC mode</returns>
public static byte[] EncryptAesCbc(byte[] plaintext, byte[] key, byte[] iv = null, bool addHmac = false)
{
using (Aes aes =Aes.Create())
// using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
{
aes.Key = key;
if (iv == null)
iv = NullIv;
aes.Mode = CipherMode.CBC;
aes.IV = iv;
// Encrypt the message with the key using CBC and InitializationVector=0
byte[] cipherText;
using (System.IO.MemoryStream ciphertext = new System.IO.MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ciphertext, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(plaintext, 0, plaintext.Length);
if (addHmac)
{
byte[] hmac = new HMACSHA256(key).ComputeHash(plaintext);
cs.Write(hmac, 0, hmac.Length);
}
cs.Flush();
}
cipherText = ciphertext.ToArray();
}
return cipherText;
}
}
/// <summary>
/// C# version of the Objective-C algorithm found in Firefox Home.
/// </summary>
/// <param name="key"></param>
/// <param name="info"></param>
/// <param name="length"></param>
/// <returns></returns>
public static byte[] HDKFSHA256ExpandWithInfo(this byte[] key, byte[] info, int length)
{
int iterations = (length + SHA256_DIGEST_LENGTH - 1) / SHA256_DIGEST_LENGTH;
byte[] tr = new byte[iterations * SHA256_DIGEST_LENGTH];
byte[] tn = new byte[0];
byte[] tnSha = new byte[0];
int lengthCopied = 0;
using (HMACSHA256 hmacSha256 = new HMACSHA256(key))
{
for (int i = 0; i < iterations; i++)
{
tn = new byte[tnSha.Length + info.Length + 1];
Array.Copy(tnSha, 0, tn, 0, tnSha.Length);
Array.Copy(info, 0, tn, tnSha.Length, info.Length);
tn[tnSha.Length + info.Length] = (byte) (i + 1);
tnSha = hmacSha256.ComputeHash(tn);
Array.Copy(tnSha, 0, tr, lengthCopied, tnSha.Length);
lengthCopied += tnSha.Length;
}
}
byte[] result = new byte[length];
Array.Copy(tr, result, length);
return result;
}
protected void TestButton_Click(object sender, EventArgs e)
{
// Define key and data string.
var k = "test key";
var s = "Encoding-编码-암호화-表現形式";
var kb = System.Text.Encoding.UTF8.GetBytes(k);
var sb = System.Text.Encoding.UTF8.GetBytes(s);
// Test SHA256.
WriteLog("// Create SHA256 Algorithm");
var sha256 = new System.Security.Cryptography.SHA256CryptoServiceProvider();
var hash = System.BitConverter.ToString(sha256.ComputeHash(sb));
WriteLog("sha256.ComputeHash('" + s + "') = " + hash);
//WriteLog("// Create SHA256 Algorithm");
//var sha2 = new SHA256Managed();
//hash = System.BitConverter.ToString(sha2.ComputeHash(sb));
//WriteLog("sha2.ComputeHash('" + s + "') = " + hash);
//WriteLog(sha2.Log.ToString());
// Test HMACSHA256.
Trace.Write("// Create HMAC-SHA256 Algorithm");
var hmac = new System.Security.Cryptography.HMACSHA256(kb);
hash = System.BitConverter.ToString(hmac.ComputeHash(sb));
WriteLog("hmac.ComputeHash('" + k + "','" + s + "') = " + hash);
}
/// <summary>
/// Computes the <see cref="HMACSHA256"/> hash of the string using the given
/// salt and <c cref="Encoding.UTF8">UTF8 Encoding</c>
/// </summary>
/// <param name="plainText"></param>
/// <param name="salt"></param>
/// <returns></returns>
public static byte[] ComputeHash(this string plainText, string salt)
{
var encoding = Encoding.UTF8;
using (var sha = new HMACSHA256(Encoding.UTF8.GetBytes(salt))) {
return sha.ComputeHash(encoding.GetBytes(plainText));
}
}
/// <summary>
/// Generates the private key for a specific domain, based on the master key.
/// </summary>
/// <returns>
/// The private key.
/// </returns>
/// <param name='masterKey'>
/// The master key.
/// </param>
/// <param name='domain'>
/// The domain.
/// </param>
public byte[] GeneratePrivateKey(byte[] masterKey, string domain)
{
using(HMACSHA256 hmac = new HMACSHA256(masterKey))
{
return hmac.ComputeHash(Encoding.UTF8.GetBytes(domain));
}
}
private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA256())
{
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
}
}
/// <summary>
///
/// </summary>
/// <param name="header"></param>
/// <param name="payload"></param>
/// <param name="secret"></param>
/// <returns></returns>
private static byte[] HS256(string header, string payload, string secret)
{
using (var hasher = new System.Security.Cryptography.HMACSHA256(Encoding.UTF8.GetBytes(secret)))
{
var bytes = Encoding.UTF8.GetBytes(string.Format("{0}.{1}", header, payload));
return(hasher.ComputeHash(bytes));
}
}
/// <summary>
/// Computes the "Hi()"-formula which is part of the client's response
/// to the server challenge.
/// </summary>
/// <param name="password">The supplied password to use.</param>
/// <param name="salt">The salt received from the server.</param>
/// <param name="count">The iteration count.</param>
/// <returns>An array of bytes containing the result of the
/// computation of the "Hi()"-formula.</returns>
/// <remarks>Hi is, essentially, PBKDF2 with HMAC as the
/// pseudorandom function (PRF) and with dkLen == output length of
/// HMAC() == output length of H(). (Refer to RFC 5802, p.6)</remarks>
private byte[] Hi(string password, string salt, int count)
{
byte[] passwordBytes = Encoding.ASCII.GetBytes(password);
// The salt is sent by the server as a base64-encoded string.
byte[] saltBytes = Convert.FromBase64String(salt);
HMAC hmac = new System.Security.Cryptography.HMACSHA256(passwordBytes);
return(PBKDF2(32, passwordBytes, saltBytes, count, hmac));
}
private byte[] PBKDF2Sha256GetBytes(int dklen, byte[] password, byte[] salt, int iterationCount)
{
using (var hmac = new System.Security.Cryptography.HMACSHA256(password))
{
int hashLength = hmac.HashSize / 8;
if ((hmac.HashSize & 7) != 0)
{
hashLength++;
}
int keyLength = dklen / hashLength;
if ((long)dklen > (0xFFFFFFFFL * hashLength) || dklen < 0)
{
throw new ArgumentOutOfRangeException("dklen");
}
if (dklen % hashLength != 0)
{
keyLength++;
}
byte[] extendedkey = new byte[salt.Length + 4];
Buffer.BlockCopy(salt, 0, extendedkey, 0, salt.Length);
using (var ms = new System.IO.MemoryStream())
{
for (int i = 0; i < keyLength; i++)
{
extendedkey[salt.Length] = (byte)(((i + 1) >> 24) & 0xFF);
extendedkey[salt.Length + 1] = (byte)(((i + 1) >> 16) & 0xFF);
extendedkey[salt.Length + 2] = (byte)(((i + 1) >> 8) & 0xFF);
extendedkey[salt.Length + 3] = (byte)(((i + 1)) & 0xFF);
byte[] u = hmac.ComputeHash(extendedkey);
Array.Clear(extendedkey, salt.Length, 4);
byte[] f = u;
for (int j = 1; j < iterationCount; j++)
{
u = hmac.ComputeHash(u);
for (int k = 0; k < f.Length; k++)
{
f[k] ^= u[k];
}
}
ms.Write(f, 0, f.Length);
Array.Clear(u, 0, u.Length);
Array.Clear(f, 0, f.Length);
}
byte[] dk = new byte[dklen];
ms.Position = 0;
ms.Read(dk, 0, dklen);
ms.Position = 0;
for (long i = 0; i < ms.Length; i++)
{
ms.WriteByte(0);
}
Array.Clear(extendedkey, 0, extendedkey.Length);
return(dk);
}
}
}
string HmacSha256Digest(string message, string secret)
{
ASCIIEncoding encoding = new ASCIIEncoding();
byte[] keyBytes = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
System.Security.Cryptography.HMACSHA256 cryptographer = new System.Security.Cryptography.HMACSHA256(keyBytes);
byte[] bytes = cryptographer.ComputeHash(messageBytes);
return(BitConverter.ToString(bytes).Replace("-", "").ToLower());
}
public static string GetHMACSHA256Base64String(string str, string keyStr)
{
byte[] bytes = System.Text.Encoding.ASCII.GetBytes(str);
byte[] key = System.Text.Encoding.ASCII.GetBytes(keyStr);
using (System.Security.Cryptography.HMACSHA256 hmacsha256 = new System.Security.Cryptography.HMACSHA256(key))
{
byte[] s = hmacsha256.ComputeHash(bytes);
return(Convert.ToBase64String(s));
}
}
private static string CreateHmac(string secret, string data)
{
var myEncoder = new System.Text.UTF8Encoding();
var secretBytes = myEncoder.GetBytes(secret);
var dataBytes = myEncoder.GetBytes(data);
var myHMACSHA1 = new System.Security.Cryptography.HMACSHA256(secretBytes);
var HashCode = myHMACSHA1.ComputeHash(dataBytes);
var hash = BitConverter.ToString(HashCode).Replace("-", "");
return(hash.ToLower());
}
string GenerateHash(string text, string key)
{
var encoding = new ASCIIEncoding();
var textBytes = encoding.GetBytes(text);
var keyBytes = encoding.GetBytes(key);
byte[] hasBytes;
using var hash = new System.Security.Cryptography.HMACSHA256(keyBytes);
hasBytes = hash.ComputeHash(textBytes);
return(BitConverter.ToString(hasBytes).Replace("-", "").ToLower());
}
public static string CreateToken(string string_to_sign, string secret)
{
secret = secret ?? "";
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(string_to_sign);
using (var hmacsha256 = new System.Security.Cryptography.HMACSHA256(keyByte))
{
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
return(string.Join("", Array.ConvertAll(hashmessage, b => b.ToString("x2"))));
}
}
public static string HACSHA(byte[] key, byte[] data, long pos, int length)
{
using (var shaAlgorithm = new System.Security.Cryptography.HMACSHA256(key))
{
byte[] realData = new byte[length];
for (int i = 0; i < length; i++)
{
realData[i] = data[pos + i];
}
var signatureHashBytes = shaAlgorithm.ComputeHash(realData);
var signatureHashHex = string.Concat(Array.ConvertAll(signatureHashBytes, b => b.ToString("X2"))).ToLower();
return(signatureHashHex);
}
}
/// <summary>
/// 雜湊
/// </summary>
/// <param name="message">訊息</param>
/// <param name="key">秘密金鑰</param>
/// <returns></returns>
public string Hash(string message, string key)
{
// UTF8 not emit BOM, https://docs.microsoft.com/zh-tw/dotnet/api/system.text.utf8encoding?view=netcore-3.1
UTF8Encoding utf8 = new UTF8Encoding();
byte[] messageBytes = utf8.GetBytes(message);
byte[] keyBytes = utf8.GetBytes(key);
using (Cryptography.HMACSHA256 hmacsha256 = new Cryptography.HMACSHA256(keyBytes))
{
byte[] hashedBytes = hmacsha256.ComputeHash(messageBytes);
return(BitConverter.ToString(hashedBytes).Replace("-", string.Empty).ToLower());
}
}
private bool VerityPasswordHash(string password, string passwordHash, string salt)
{
byte[] saltByte = Convert.FromBase64String(salt);
using (var hmac = new System.Security.Cryptography.HMACSHA256(saltByte))
{
var ComputedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password));
if (Convert.ToBase64String(ComputedHash) != passwordHash)
{
return(false);
}
}
return(true);
}
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA256(passwordSalt))
{
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[i])
{
return(false);
}
}
return(true);
}
}
private string sha256(string planeStr, string key)
{
System.Text.UTF8Encoding ue = new System.Text.UTF8Encoding();
byte[] planeBytes = ue.GetBytes(planeStr);
byte[] keyBytes = ue.GetBytes(key);
System.Security.Cryptography.HMACSHA256 sha256 = new System.Security.Cryptography.HMACSHA256(keyBytes);
byte[] hashBytes = sha256.ComputeHash(planeBytes);
string hashStr = "";
foreach (byte b in hashBytes)
{
hashStr += string.Format("{0,0:x2}", b);
}
return(hashStr);
}
public static string HMACSHA256(string input, string key)
{
var keyBytes = System.Text.Encoding.ASCII.GetBytes(key);
using (var alg = new System.Security.Cryptography.HMACSHA256(keyBytes)) {
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
byte[] hash = alg.ComputeHash(inputBytes);
var sb = new System.Text.StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("x2"));
}
return(sb.ToString().ToLower());
}
}
public static bool IsValidPassword(string password, string base64)
{
// ----------------------------------------------------------------
if (string.IsNullOrEmpty(password))
{
return(false);
}
if (string.IsNullOrEmpty(base64))
{
return(false);
}
// Try parse salt and hash from base64.
byte[] baseBytes;
try { baseBytes = System.Convert.FromBase64String(base64); }
catch { return(false); }
// Get size of salt and hash.
var size = baseBytes.Length / 2;
var salt = new byte[size];
var hash = new byte[size];
Array.Copy(baseBytes, 0, salt, 0, size);
Array.Copy(baseBytes, size, hash, 0, size);
Console.WriteLine("IsValidPassword:"******" Salt: {0}", string.Join("", salt.Select(x => x.ToString("X2"))));
Console.WriteLine(" Hash: {0}", string.Join("", hash.Take(size).Select(x => x.ToString("X2"))));
// ----------------------------------------------------------------
// Convert string to bytes.
// Use Unicode, because ASCII doesn't work worldwide and SQL server doesn't support UTF8.
var passwordBytes = System.Text.Encoding.Unicode.GetBytes(password);
var algorithm = new System.Security.Cryptography.HMACSHA256();
algorithm.Key = salt;
var passwordHash = algorithm.ComputeHash(passwordBytes);
// Compare first specified bytes.
for (int i = 0; i < size; i++)
{
if (passwordHash[i] != hash[i])
{
// Password hash bytes do not match.
return(false);
}
}
// Password hash bytes match.
return(true);
}
public static string HmacSha256(string plain)
{
string secretKey = "eastmoney88";
var keyBytes = Encoding.UTF8.GetBytes(secretKey);
var plainBytes = Encoding.UTF8.GetBytes(plain);
using (var hmacsha256 = new System.Security.Cryptography.HMACSHA256(keyBytes))
{
var sb = new StringBuilder();
var hashValue = hmacsha256.ComputeHash(plainBytes);
foreach (byte x in hashValue)
{
sb.Append($"{x:x2}");
}
return(sb.ToString());
}
}
public Ping handlePing(byte[] body, string signature, Options opts = null)
{
var binApikey = Encoding.UTF8.GetBytes(apikey);
var hasher = new System.Security.Cryptography.HMACSHA256(binApikey);
var binDigest = hasher.ComputeHash(body);
var digest = Convert.ToBase64String(binDigest);
if (!constTimeEquals(digest, signature))
{
throw new Exception("invalid ping signature");
}
using (var ms = new MemoryStream(body))
using (var sr = new StreamReader(ms))
using (var jtr = new JsonTextReader(sr))
{
return(JsonSerializer.Create().Deserialize <Ping>(jtr));
}
}
// Part of article: https://github.com/JocysCom/ShellScripts/wiki/HMAC-for-SQL
public static int ProcessArguments(string[] args)
{
// Use Unicode, because ASCII doesn't work worldwide.
var base64 = HashPassword("Password", 128);
var isValid = IsValidPassword("Password", base64);
Console.WriteLine("Results:");
Console.WriteLine(" IsValid: {0}, base64: {1}", isValid, base64);
Console.WriteLine();
Console.WriteLine("-------");
var key = StringToByteArray("0x63727970746969");
var data = StringToByteArray("0x68656C6C6F21");
var algorithm = new System.Security.Cryptography.HMACSHA256();
algorithm.Key = key;
var hash = algorithm.ComputeHash(data);
Console.WriteLine(" Hash: {0}", string.Join("", hash.Select(x => x.ToString("X2"))));
return(0);
}
