Re: Integrirt test at startup



Hi,

the corresponding keyed hash class is called HMACSHA256.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

I am almost there but one question remains: I want to use a key (that
I
store in the registry or db or file) to compute my hash but the func
below
does not allow it?
Thanks for the great info!
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be6318099c8c7d9fcbea87135@xxxxxxxxxxxxxxxxxxxxx

byte[] hashFile(string fileName)
{
using (FileStream file = new FileStream(fileName, FileMode.Open,
FileAccess.Read, FileShare.Read))
{
return new SHA256Managed().ComputeHash(file);
}
}
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
That is true (I will put in registry or a file) -- but I do not know
how to
compute a hash on an .exe -- do you have sample or info on that --
would be
greatly appretiated!
Thanks
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be6317eac68c7d92562bcb5e6@xxxxxxxxxxxxxxxxxxxxx
Hi,
i would store the "known hash" in a separate location - another
file
or in
a db
Look at System.Security.Cryptography.KeyedHash
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
We need to do an integrity test at startup for our application
(take .exe and compute signature and check against the know
signature). Does anyone have info/sample on doing this? I assume
we have to have a public key and somehow append that on the end of
the application too?

Thank you!



.



Relevant Pages

  • Re: Securing static files
    ... Dominick Baier - DevelopMentor ... they are kicked back to the login page. ... The user may log in with other credentials. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How to determine if the logged on user is in a group
    ... Dominick Baier - DevelopMentor ... I found that you to reboot the SERVER after you create a new group and put users in it so that the new group and the users appear in the whoami list on the server. ... although he is a member of these groups. ...
    (microsoft.public.dotnet.security)
  • Re: HOWTO: Prevent Dynamic Loading of internal Types
    ... Dominick Baier - DevelopMentor ... Henning Krause ... I could get the public key from the entry assembly via ...
    (microsoft.public.dotnet.security)
  • Re: How to call Web Service Securely
    ... which .net version - which type of authentication (username/password against a db??) ... Dominick Baier - DevelopMentor ... make a web method via dialup to my IIS Web Service. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ASP.NET 2.0 Authorization Roles..Got Solution.
    ... the only difference is see with the provider and a normal WindowsPrincipal is, that the machine name for local groups gets stipped out. ... Dominick Baier - DevelopMentor ... I never used WindowsTokenRoleProvider earlier. ...
    (microsoft.public.dotnet.framework.aspnet.security)