I have been using HMAC-SHA256 to encrypt user data (username and password) in my console client. When I pass the token generated by the encryption to the server side, the server must decrypt the token to validate it.

For test purposes I am trying encryption as well as decryption in the same class in a console application. Can someone help me work out how to decrypt the token generated by the Encrypt method?

    // Prompt for the credentials. Console.ReadLine echoes what is typed,
    // so the password is visible on screen while it is entered.
    Console.WriteLine("Enter Username:");
    string username = Console.ReadLine();
    Console.WriteLine("Enter Password:");
    string password = Console.ReadLine();

    // The payload that gets authenticated is "username,password".
    string data = username + "," + password;

    // Despite its name, Encrypt computes a keyed hash (HMAC) over `data` and
    // packs it with the username. The result is one-way: it can be checked by
    // recomputation, but it cannot be decrypted back into the password.
    string hmactoken = HMACSHA256Class.Encrypt(username, password, data);

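/// <summary>
/// Builds a client-side authentication token from a username, a password and
/// a payload string.
/// </summary>
/// <remarks>
/// Nothing in this class encrypts anything. The token holds a keyed hash (HMAC)
/// plus the username, and an HMAC is one-way: a receiver cannot "decrypt" it.
/// A receiver validates the token by rebuilding the same key and the same
/// payload, recomputing the HMAC and comparing the two tags, preferably with a
/// constant-time comparison such as CryptographicOperations.FixedTimeEquals.
/// NOTE(review): the caller shown on this page passes "username,password" as
/// the payload, so a verifier that stores only a password hash cannot rebuild
/// it — confirm what the server is expected to hold.
/// </remarks>
public class HMACSHA256Class
{
    /// <summary>
    /// Computes an HMAC over <paramref name="data"/>, keyed with the value
    /// returned by GetHashedPassword for <paramref name="password"/>, and
    /// returns Base64("&lt;Base64 HMAC&gt;,&lt;uname&gt;").
    /// </summary>
    /// <param name="uname">Username appended to the token in clear text.</param>
    /// <param name="password">Password from which the HMAC key is derived.</param>
    /// <param name="data">Payload that is authenticated by the HMAC.</param>
    /// <returns>
    /// The Base64-encoded token. Base64 is an encoding, not protection: anyone
    /// holding the token can read the username from it.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="data"/> is null (raised by Encoding.GetBytes).
    /// </exception>
    public static string Encrypt(string uname,string password,string data)
    {
        // _alg is declared outside this listing; presumably it names
        // HMAC-SHA256 — confirm against the rest of the file.
        using (HMAC hmac = HMACSHA256.Create(_alg))
        {
            hmac.Key = Encoding.UTF8.GetBytes(GetHashedPassword(password));
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));

            // Keep the intermediate values in locals. Holding them in shared
            // static fields lets two concurrent calls overwrite each other and
            // pair one caller's HMAC with another caller's username.
            string encodedMac = Convert.ToBase64String(mac);

            // The Base64 alphabet contains no comma, so the first comma always
            // separates the HMAC from the username. A username that itself
            // contains a comma yields more than two fields when the token is
            // split on ','.
            string token = string.Join(",", encodedMac, uname);
            return Convert.ToBase64String(Encoding.UTF8.GetBytes(token));
        }
    }
}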
/// <summary>
/// Derives the string used as HMAC key material for a password: the Base64
/// text of an HMAC, keyed with the salt, computed over "password,salt".
/// </summary>
/// <param name="password">Password to derive the value from.</param>
/// <returns>Base64 text of the resulting HMAC.</returns>
/// <remarks>
/// _salt and _alg are declared outside this listing.
/// NOTE(review): this is a single HMAC pass, and _salt looks like one value
/// shared by every user — confirm. A single fast hash is cheap to brute-force
/// if the derived values leak; stored password verifiers normally use a
/// deliberately slow KDF such as PBKDF2 (Rfc2898DeriveBytes) with a random
/// per-user salt. Switching would change every derived value, so it needs a
/// migration plan rather than an in-place edit.
/// </remarks>
public static string GetHashedPassword(string password)
{
    string saltedPassword = string.Join(",", password, _salt);

    using (HMAC hmac = HMACSHA256.Create(_alg))
    {
        // The salt doubles as the HMAC key and as part of the message.
        hmac.Key = Encoding.UTF8.GetBytes(_salt);
        byte[] digest = hmac.ComputeHash(Encoding.UTF8.GetBytes(saltedPassword));

        return Convert.ToBase64String(digest);
    }
}


It would be a great help if anyone could resolve this.

What I have tried:

I tried building the following code; I have got about halfway to decrypting the token.
/// <summary>
/// Unfinished attempt to reverse a token produced by Encrypt. It removes the
/// outer Base64 layer and splits the text on ','; the return value is always
/// the literal string "null".
/// </summary>
/// <param name="token">Base64 token as returned by Encrypt.</param>
/// <returns>The string "null" in every case.</returns>
/// <remarks>
/// Only the Base64 wrapping is reversible. The first field of the token is an
/// HMAC, which is one-way, so no password can be recovered from it; a token is
/// validated by recomputing the HMAC and comparing, not by decrypting.
/// </remarks>
public static string Decrypt(string token)
{
    byte[] raw = Convert.FromBase64String(token);
    string[] parts = Encoding.UTF8.GetString(raw).Split(new[] { ',' });
    string result = "null";

    if (parts.Length == 2)
    {
        // Encrypt writes "<Base64 HMAC>,<username>", so parts[0] is the HMAC
        // and parts[1] the username. The HMAC field is what gets handed to
        // GetPassword; its return value is discarded.
        string macField = parts[0];
        GetPassword(macField);
    }

    return result;
}
        }

 /// <summary>
 /// Placeholder: Base64-encodes the UTF-8 bytes of the argument, discards the
 /// result and returns the fixed string "sa".
 /// </summary>
 /// <param name="hashedpwd">Text taken from the token; must not be null.</param>
 /// <returns>Always "sa".</returns>
 /// <remarks>
 /// Re-encoding the HMAC text does not recover a password from it; an HMAC
 /// cannot be reversed.
 /// </remarks>
 public static string GetPassword(string hashedpwd)
 {
     byte[] utf8Bytes = Encoding.UTF8.GetBytes(hashedpwd);
     string reEncoded = Convert.ToBase64String(utf8Bytes);

     // Fixed value so that the method compiles; reEncoded is not used.
     return "sa";
 }

1 solution

You can't. SHA is not an encryption algorithm - it's a hashing algorithm. The difference is that encryption can be reversed, and hashing can't.

You are right to use hashing though - but you don't try to "decrypt" it - you store the hashed value and compare the freshly-hashed user input to that stored hash value.

See here: Password Storage: How to do it.
 
 
Comments
Member 1097736 11-Feb-16 22:44pm    
Thanks for the response @OriginalGriff.Got Clear with the doubt.
OriginalGriff 12-Feb-16 4:22am    
You're welcome!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


