Adding MD5CryptoServiceProvider hash to an XMLSerializer.Serialize

How can I add an MD5 hash to XMLSerializer.Serialize without corrupting the
content of the file; then how to read it back to verify it is correct?

I'd like to code up something (see below) that looks like this, but I'm not
sure this is the correct approach to the problem. Once I add the signature, the
file won't test the same way again. I know I could add it to the bottom of
the file, but then everyone would have to know my algorithm for correct
computation. It seems to me there should be a standard way to do this.

Example (ignore coding errors, I'm after the logic)

XmlSerializer xs = new XmlSerializer(class types);
FileStream fs = new FileStream(Create, Write, None);

xs.Serialize (fs, class types)

AddMD5(fs); <-- How to implement?

function AddMD5( FileStream )
{
MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
using (FileStream fs = new FileStream( fs )
hash = md5.ComputeHash(fs);

-->Add hash to filestream
}

function VerifyMD5 (FilesStream )
{
// nothing will match, without custom algorithm
}

Any help would be appreciated.

Jim
I'm not even sure this is the correct approach to this problem;
Jul 16 '07 #1
On Mon, 16 Jul 2007 14:04:16 -0700, MouthOfMadness
<Mo************@discussions.microsoft.com> wrote:
> How can I add an MD5 hash to XMLSerializer.Serialize without corrupting the
> content of the file; then how to read it back to verify is correct?
>
> I'd like to code up something (see below) that looks like this, but I'm not
> sure this is correct approach to the problem. Once I add the signature, the
> file won't test the same way again. I know I could add it to the bottom of
> the file, but then everyone would have to know my algorithm for correct
> computation, it seems to me there should be a standard way to do this.
>
> Example (ignore coding errors, I'm after the logic)
>
> XmlSerializer xs = new XmlSerializer(class types);
> FileStream fs = new FileStream(Create, Write, None);
>
> xs.Serialize (fs, class types)
>
> AddMD5(fs); <-- How to implement?
>
> function AddMD5( FileStream )
> {
> MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
> using (FileStream fs = new FileStream( fs )
> hash = md5.ComputeHash(fs);
>
> -->Add hash to filestream
> }
>
> function VerifyMD5 (FilesStream )
> {
> // nothing will match, without custom algorithm
> }
>
> Any help would be appreciated.
>
> Jim
> I'm not even sure this is the correct approach to this problem;

1. MD5 is not recommended for new applications, SHA-256 is more secure.

2. The hash is a fixed length, so you can create a new file with the
hash at the front:

Create:
    make Serialize file
    calculate hash
    write hash to new file
    append Serialize file to hash file
Verify:
    open hash file
    read fixed length hash
    copy remainder to temporary file or memory
    calculate hash of temporary file
    if hashes match then
        deserialize temporary file
    else
        delete temporary file
        flag error
    endif

Depending on how secure you want to be, you may need to use
hash(hash(Serialized)) to avoid length extension attacks.

rossum

Jul 16 '07 #2
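
Added example, not part of rossum's post or the original thread: the hash-at-the-front scheme outlined above, written in C# with SHA-256 as recommended in point 1. The Settings class, the HashPrefixedXml helper and the settings.hx file name are made up for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Xml.Serialization;

public class Settings { public string Name; public int Retries; } // constructed sample type
public static class HashPrefixedXml
{
    const int HashLength = 32; // SHA-256 digest size in bytes
    // Create: serialize, hash the XML bytes, write the hash followed by the XML.
    public static void Save<T>(string path, T value)
    {
        using (var ms = new MemoryStream())
        using (var sha = SHA256.Create())
        {
            new XmlSerializer(typeof(T)).Serialize(ms, value);
            byte[] xml = ms.ToArray();
            File.WriteAllBytes(path, sha.ComputeHash(xml).Concat(xml).ToArray());
        }
    }

    // Verify: read the fixed-length hash, rehash the remainder, deserialize only on a match.
    public static T Load<T>(string path)
    {
        byte[] all = File.ReadAllBytes(path);
        if (all.Length < HashLength)
            throw new InvalidDataException("File is shorter than the hash prefix.");
        using (var sha = SHA256.Create())
        {
            byte[] actual = sha.ComputeHash(all, HashLength, all.Length - HashLength);
            if (!all.Take(HashLength).SequenceEqual(actual))
                throw new InvalidDataException("Hash mismatch: content differs from what was written.");
        }
        using (var ms = new MemoryStream(all, HashLength, all.Length - HashLength))
            return (T)new XmlSerializer(typeof(T)).Deserialize(ms);
    }

    public static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "settings.hx"); // constructed file name
        Save(path, new Settings { Name = "demo", Retries = 3 });
        Console.WriteLine(Load<Settings>(path).Retries);
        byte[] bytes = File.ReadAllBytes(path);
        bytes[bytes.Length - 1] ^= 0x01; // simulate a byte damaged in transfer
        File.WriteAllBytes(path, bytes);
        try { Load<Settings>(path); } catch (InvalidDataException e) { Console.WriteLine(e.Message); }
    }
}
```

An unkeyed hash stored next to the data detects accidental damage only; anyone able to rewrite the file can recompute it, so tamper detection needs a keyed construction such as HMAC or a digital signature.
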
Hi Rossum,

Thanks for the response, but this didn't quite answer my question. I should
have stated a few requirements up front: I'm not after security, but rather I
just want to be sure the file I "just" transferred looks the same as the file
I'm holding.

Second, I don't want to implement a custom solution; I could have added the
hash at the end of the file and read all the lines before.

The approach I would like to take looks a lot like the way a SOAP message
is signed, but I want it to be file based.

Any help?

Jul 16 '07 #3
