Re: Integrirt test at startup

From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 28 Dec 2005 14:15:46 -0800

Hi,

the corresponding keyed hash class is called HMACSHA256.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

I am almost there but one question remains: I want to use a key (that
I
store in the registry or db or file) to compute my hash but the func
below
does not allow it?
Thanks for the great info!
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be6318099c8c7d9fcbea87135@xxxxxxxxxxxxxxxxxxxxx

byte[] hashFile(string fileName)
{
using (FileStream file = new FileStream(fileName, FileMode.Open,
FileAccess.Read, FileShare.Read))
{
return new SHA256Managed().ComputeHash(file);
}
}
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

That is true (I will put in registry or a file) -- but I do not know
how to
compute a hash on an .exe -- do you have sample or info on that --
would be
greatly appretiated!
Thanks
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be6317eac68c7d92562bcb5e6@xxxxxxxxxxxxxxxxxxxxx

Hi,
i would store the "known hash" in a separate location - another
file
or in
a db
Look at System.Security.Cryptography.KeyedHash
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

We need to do an integrity test at startup for our application
(take .exe and compute signature and check against the know
signature). Does anyone have info/sample on doing this? I assume
we have to have a public key and somehow append that on the end of
the application too?

Thank you!

Follow-Ups:
- Re: Integrirt test at startup
  - From: devgrt

References:
- Re: Integrirt test at startup
  - From: devgrt

Prev by Date: Re: Integrirt test at startup
Next by Date: Re: Integrirt test at startup
Previous by thread: Re: Integrirt test at startup
Next by thread: Re: Integrirt test at startup
Index(es):
- Date
- Thread

Relevant Pages

Re: Securing static files
... Dominick Baier - DevelopMentor ... they are kicked back to the login page. ... The user may log in with other credentials. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: How to determine if the logged on user is in a group
... Dominick Baier - DevelopMentor ... I found that you to reboot the SERVER after you create a new group and put users in it so that the new group and the users appear in the whoami list on the server. ... although he is a member of these groups. ...
(microsoft.public.dotnet.security)
Re: HOWTO: Prevent Dynamic Loading of internal Types
... Dominick Baier - DevelopMentor ... Henning Krause ... I could get the public key from the entry assembly via ...
(microsoft.public.dotnet.security)
Re: How to call Web Service Securely
... which .net version - which type of authentication (username/password against a db??) ... Dominick Baier - DevelopMentor ... make a web method via dialup to my IIS Web Service. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: ASP.NET 2.0 Authorization Roles..Got Solution.
... the only difference is see with the provider and a normal WindowsPrincipal is, that the machine name for local groups gets stipped out. ... Dominick Baier - DevelopMentor ... I never used WindowsTokenRoleProvider earlier. ...
(microsoft.public.dotnet.framework.aspnet.security)