Hmacsha256 on .NET 1.1 web app

Question

0.00/5 (No votes)

See more:

.NET1.1

Hello all,

I have a .net 1.1 web app and i need to encrypt data with HMACSHA256 with key, which is not supported. I cannot upgrade the project, since it is our clients live website. It is really important to use this algorithm for online payments - no other algorithm is supported by the bank.

Has anyone faced the same issue?

Thank you!

What I have tried:

I tried to use Bouncy Castle dll, but did not manage to make it work.

Posted 12-Mar-19 22:41pm

Member 13329678

Updated 13-Mar-19 0:30am

v2

Add a Solution

Comments

MadMyche 13-Mar-19 7:55am

So after almost 5 years after being notified, the client wants their over 15 year old platformed bandaged?

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2019-03-12T23:10:00

Solution 1

Several things:
1) It may be urgent to you, but it isn't to us. All that your stressing the urgency does is to make us think you have left it too late, and want us to do it for you. This annoys some people, and can slow a response.
2) Never, ever, accept code from a insecure website to handle anything to do with real money.
You do not know who is giving you the code, you do not know what it does, you do not know that it places the monies correctly into the appropriate account, without passing the details to any third parties.

Only get such code from reputable card transaction service companies - the scope for fraud otherwise is far too large. And remember, you personally could be liable for any monies lost if your action is seen to be negligent - which getting your code from a public forum would most certainly be!
3) Upgrade from .NET 1.1 to at least V4, and it's supported: HMACSHA256 Class (System.Security.Cryptography) | Microsoft Docs[^] using outdated frameworks for security apps? Not a good idea, not at all...

Posted 12-Mar-19 23:10pm

OriginalGriff

Comments

Member 13329678 13-Mar-19 7:02am

First of all, i asked if anyone has faced the same issue, meaning that i can accept something like 'yes, and you can do nothing about it, because....', confirming that no workaround exists for .net1.1.

As far as your answers are concerned:
1)If you find my question annoying, just ignore it and do not spend your time answering "annoying questions". I tried really hard to fix this, i did not just asked for someone to do it for me. Thanks for the recommendation though..

2)In general i agree with you, but there was nothing else to try.

3)I already told you, upgrading the project is not an option. This is not my decision. If it was, don't you think i would have done that?

OriginalGriff 13-Mar-19 7:24am

1) Everything is urgent to someone: the OP of every question wants an answer as soon as possible. By stressing the urgency, you don't improve your chances of getting a quick answer, you make them worse because you come over as assuming you are "better", "more important" than all the other question setters. You aren't: your question is exactly as important as a first time student trying to get "hllo world" to compile.
Assuming that I'm annoyed when I'm giving you advice on how to improve your question - and there is a very good chance that I've seen a lot more questions here than you have - is not productive, and enhances the "sense of entitlement" that readers get, rightly or wrongly from your perspective.
2+3) Assuming "nothing else to try" and going with what you know is a bad idea that could quite possibly end with you in jail isn't really an excuse ...

Do remember that when you deal with real money, you become a target for real criminals - and I'm sorry to say that some of them are a lot brighter, more security savvy, and more knowledgeable than you *and* I ... so giving them an open door to bank accounts is not going to end well. You know this!