<machineKey validation="SHA1" validationKey="<64-byte key>"

What exactly does the validationKey do? Say I create a hash with SHA1. How does the validationKey play into it?

Consider this code:

HMACSHA1 hashSha = new HMACSHA1(_validationKey);
byte[] ret = hashSha.ComputeHash(bytes, offSet, count);
return ret;

We are generating a new _validationKey, right? Then we take our bytes and hash them in ComputeHash. What is the point of the _validationKey? Do we need it when we validate the hash in some way?

And if it doesn't have any role in the process, then is the following true?

I have a byte array that's 80 bytes long, and the last 20 bytes consist of an ASP.NET SHA1 hash; then the first 60 bytes, if SHA1 hashed, should match the last 20.

validationKey plays no role in that?

+4  A: 

The validationKey is used to encrypt the viewstate data and make sure that what comes back on a postback is valid.

http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.validationkey.aspx

EDIT: Sorry, this didn't really answer your question. The validationKey is only used when validating that your viewstate data hasn't been tampered with, and the SHA1 that you are referring to is what type of algorithm you want to use with your validationKey. It is not used when creating a SHA1 hash; it's only for ASP.NET pages.

Nick
So if I have a byte array that's 80 bytes long, and the last 20 bytes consist of an ASP.NET SHA1 hash, then the first 60 bytes, if SHA1 hashed, should match the last 20, yes? validationKey plays no role in that?
lynn
According to MSDN, validationKey is only used when enableViewStateMAC is true.
Nick
Which begs the question, how does enableViewStateMac use the validationKey, but I'll save that one for Monday. Thanks.
lynn
A: 

In my case, I discovered that the validation key is used to create the sha1 hmac keyed hash.

lynn
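As an added example (not part of the original posts), the program below works through the question's assumed layout of 60 data bytes followed by a 20-byte tag: an unkeyed SHA-1 of the data does not reproduce an HMAC-SHA1 tag, and verification needs the same key that produced it. The key and payload are constructed random values standing in for the validationKey and the protected data; `MacDemo`, `Protect` and `Verify` are hypothetical names, and the real ASP.NET view-state format is not reproduced here.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class MacDemo
{
    const int TagLength = 20; // SHA-1 and HMAC-SHA1 both output 20 bytes

    // Append an HMAC-SHA1 tag, computed with the secret key, to the payload.
    static byte[] Protect(byte[] payload, byte[] key)
    {
        using (var hmac = new HMACSHA1(key))
            return payload.Concat(hmac.ComputeHash(payload)).ToArray();
    }

    // Recompute the tag over everything except the last 20 bytes and compare.
    static bool Verify(byte[] blob, byte[] key)
    {
        if (blob.Length < TagLength) return false;
        int dataLength = blob.Length - TagLength;
        using (var hmac = new HMACSHA1(key))
        {
            byte[] expected = hmac.ComputeHash(blob, 0, dataLength);
            int diff = 0; // constant-time comparison: no early exit on mismatch
            for (int i = 0; i < TagLength; i++)
                diff |= expected[i] ^ blob[dataLength + i];
            return diff == 0;
        }
    }

    static void Main()
    {
        byte[] key = new byte[64];     // constructed key, stands in for validationKey
        byte[] payload = new byte[60]; // constructed 60-byte payload
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(key); rng.GetBytes(payload); }

        byte[] blob = Protect(payload, key); // 80 bytes: 60 data + 20 tag
        byte[] tag = blob.Skip(60).ToArray();
        byte[] plainSha1;
        using (var sha1 = SHA1.Create())
            plainSha1 = sha1.ComputeHash(blob, 0, 60); // unkeyed hash of the same 60 bytes

        Console.WriteLine("Plain SHA-1 equals tag: " + plainSha1.SequenceEqual(tag));
        Console.WriteLine("Verify, correct key:    " + Verify(blob, key));
        byte[] otherKey = (byte[])key.Clone();
        otherKey[0] ^= 1; // one flipped bit in the key
        Console.WriteLine("Verify, wrong key:      " + Verify(blob, otherKey));
        blob[0] ^= 1;     // one flipped bit in the data
        Console.WriteLine("Verify, modified data:  " + Verify(blob, key));
    }
}
```

Because the tag depends on the key, someone who can change the 60 data bytes but does not know the key cannot compute a matching tag, which an unkeyed SHA-1 would allow.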