 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / Languages / C# / July 2007Adding MD5CryptoServiceProvider hash to an XMLSerializer.Serialize
How can I add an MD5 hash to XMLSerializer.Serialize without corrupting the content of the file; then how to read it back to verify is correct? I'd like to code up something (see below) that looks like this, but I'm not sure this is correct approach to the problem. Once I add the signature, the file won't test the same way again. I know I could add it to the bottom of the file, but then everyone would have to know my algorithm for correct computation, it seems to me there should be a standard way to do this. Example (ignore coding errors, I'm after the logic) XmlSerializer xs = new XmlSerializer(class types); FileStream fs = new FileStream(Create, Write, None); xs.Serialize (fs, class types) AddMD5(fs); <-- How to implement? function AddMD5( FileStream ) { MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider(); using (FileStream fs = new FileStream( fs ) hash = md5.ComputeHash(fs); -->> Add hash to filestream } function VerifyMD5 (FilesStream ) { // nothing will match, without custom algorithm } Any help would be appreciated. Jim I'm not even sure this is the correct approach to this problem; >How can I add an MD5 hash to XMLSerializer.Serialize without corrupting the >content of the file; then how to read it back to verify is correct? [quoted text clipped - 32 lines] >Jim >I'm not even sure this is the correct approach to this problem; 1 MD5 is not recommended for new applications, SHA-256 is more secure. 2 The hash is a fixed length, so you can create a new file with the hash at the front: Create: make Serialize file calculate hash write hash to new file append Serialize file to hash file Verify: open hash file read fixed length hash copy remainder to temporary file or memory calculate hash of temporary file if hashes match then deserialize temporary file else delete temporary file flag error endif Depending on how secure you want to be, you may need to use hash(hash(Serialized)) to avoid length extension attacks. rossum Hi Rossum, Thanks for the response, this didn't quite answer my question. I should have stated a few requirements up front, I'm not after security but rather I just want to be sure the file I "just" transferred looks the same as the file I'm holding. Second, I don't want to implement a custom solution, I could have added the hash at the end of the file and read all the lines before. The approach I would like to take, looks a lot like the way a soap message is signed, but I want it to be file based. Any help? > >How can I add an MD5 hash to XMLSerializer.Serialize without corrupting the > >content of the file; then how to read it back to verify is correct? [quoted text clipped - 60 lines] > > rossum Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.