Solved

how to implement file checksum ?

Posted on 2004-08-09
7
2,809 Views
Last Modified: 2012-06-21
Guyz,

My application uses a .xml file as input, and I need to make sure nobody has edited the file. Can we implement a checksum for this file? If so,
1.Where do I specify the file checksum in the .xml file
2.How to calculate the checksum for the .xml file and compare with the checksum found in the .xml file.

Any ideas?
Thnx!
0
Comment
Question by:kunjachan_
  • 4
  • 3
7 Comments
 
LVL 20

Expert Comment

by:TheAvenger
ID: 11760190
You can create the file, then calculate the sum (for example getting the hash of the whole file string or only a part of it which is important) and save the check sum at the end of the file. When you read it, you can read the whole file, get the check sum that was saved inside it and then calculate again the checksum for the rest of the file (so the real contents, which was also secured when the file was saved). Then compare the check sums.

Instead of calculating a check sum, you can use a more advanced method, like sign the data. For more info have a look at:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconCryptographicServices.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritycryptographydsaclasstopic.asp
0
 
LVL 7

Expert Comment

by:psdavis
ID: 11761931
I like using MD5 for my checksums.

            MD5 pMD5 = new MD5CryptoServiceProvider( );
            byte[] resultHash = pMD5.ComputeHash( Encoding.ASCII.GetBytes( response ));
            string resultMD5 = Convert.ToBase64String( resultHash );
0
 
LVL 20

Expert Comment

by:TheAvenger
ID: 11761956
Note that using MD5 you can create a hash but you cannot sign it, so everybody can create the hash after signing the file
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 7

Expert Comment

by:psdavis
ID: 11761972
If all he is doing is making sure no one has edited the file, then the checksum idea is sound.  His biggest problem is that he wants to include the checksum inside the xml which invariably changes the checksum of the file.
0
 
LVL 20

Accepted Solution

by:
TheAvenger earned 100 total points
ID: 11762001
First, if I change the file, I will calculate a new hash, so the application will not notice that the file was changed - the hash is not enough.
Second, I already explained how the hash/signature can be included inside the file: make the hash always over the XML without the hash. This means you have <xml content><hash> and when the file is read, you remove the <hash> part, make a new hash of the <xml content> and verify the new hash with the <hash> part.
0
 
LVL 7

Expert Comment

by:psdavis
ID: 11762006
Yep. Yer right.  I'm still pre-Diet Pepsi and not fully awake yet.
0
 
LVL 20

Expert Comment

by:TheAvenger
ID: 11762024
:-))
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction Hi all and welcome to my first article on Experts Exchange. A while ago, someone asked me if i could do some tutorials on object oriented programming. I decided to do them on C#. Now you may ask me, why's that? Well, one of the re…
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question