我正在构建一个经过FIPS验证的应用程序,并在我的计算机上启用了FIPS模式。我需要HMAC功能,希望基于SHA512。我知道HMAC SHA1功能是经过FIPS验证的,但我有一个散列函数SHA512CryptoServiceProvider,它经过FIPS验证,我知道FIPS实际上允许使用SHA512。在C#中是否有类似的HMAC功能可以进行FIPS验证的HMAC SHA512?
答案 0 :(得分:7)
有一个HMACSHA512 Class,但它在内部使用SHA512Managed Class,即not FIPS certified。
您可以根据create your own HMACSHA512 Class:
尝试SHA512CryptoServiceProvider Classpublic class MyHMACSHA512 : HMAC
{
public MyHMACSHA512(byte[] key)
{
HashName = "System.Security.Cryptography.SHA512CryptoServiceProvider";
HashSizeValue = 512;
BlockSizeValue = 128;
Key = key;
}
}
答案 1 :(得分:2)
以下对我有用 - 我能够创建AES和SHA256 FIPS快乐HMAC:
/// <summary>Computes a Hash-based Message Authentication Code (HMAC) using the AES hash function.</summary>
public class AesHmac : HMAC
{
/// <summary>Initializes a new instance of the AesHmac class with the specified key data.</summary>
/// <param name="key">The secret key for AesHmac encryption.</param>
public AesHmac(byte[] key)
{
HashName = "System.Security.Cryptography.AesCryptoServiceProvider";
HashSizeValue = 128;
BlockSizeValue = 128;
Initialize();
Key = (byte[])key.Clone();
}
}
/// <summary>Computes a Hash-based Message Authentication Code (HMAC) using the SHA256 hash function.</summary>
public class ShaHmac : HMAC
{
/// <summary>Initializes a new instance of the ShaHmac class with the specified key data.</summary>
/// <param name="key">The secret key for ShaHmac encryption.</param>
public ShaHmac(byte[] key)
{
HashName = "System.Security.Cryptography.SHA256CryptoServiceProvider";
HashSizeValue = 256;
BlockSizeValue = 128;
Initialize();
Key = (byte[])key.Clone();
}
}
谢谢, 里奇