Application Security Testing: An Integral Part of DevOps
A file Checksum is used to verify the integrity of a file. Checksumming detects both transmission errors and tampering. To detect transmission errors, one could use a CRC (cyclic redundancy check). To detect tampering (and transmission errors), one generally chooses a cryptographic Hash due to the desireable property of Collision Resistance.
This article will discuss the following topics:
- Shell Extension DLL Usage
- Compiling and Integrating Crypto++ into the Visual C++ Environment
- Windows Clipboard APIs
- Crypto++ ChannelSwitch Class
- Creating a Shell Context Menu Extension DLL
- Debugging and Managing an Unstable Explorer.exe
- Creating CreateHash and VerifyHash Shell Context Menu Extension Dlls
Microsoft offers a command line file checksum tool published under Knowledge Base article Q841290,"Availability and Description of the File Checksum Integrity Verifier Utility." The Microsoft tool supports MD5 or SHA1.
Shell Extension DLL Usage
Should the reader desire to use the Extension DLLs, he or she should:
- Download the DLL (CtxCreateHashDll.zip or CtxVerifyHashDll.zip)
- Place in C:\Winnt\System32\
- regsvr32.exe CtxCreateHash.Dll
- regsvr32.exe CtxVerifyHash.Dll
Once the DLLs are registered, they are avialable as Context Menus when one right-clicks a file (or multiple files) in Windows Explorer.
If the user selects Create Checksum, MD5, SHA-1, RIPEMD-160, and SHA-256, hashes are created of the selected file or files and a Message Box is displayed with a digest of the hashed file or files. A digest (truncated version) is displayed to keep the Message Box size manageable. The full Checksums are placed on the Windows Clipboard for pasting.
Truncated Message Box
Pasting into Notepad from the Clipboard reveals the full text.
Verifying a file's checkum is equally trivial. Navigate to the web page or document where the checksum resides, highlight, and Copy to the Clipboard.
Copy Checksums to the Clipboard
Navigate to the files, right-click, and select Verify Checksum.
A Message Box will be presented similar to that shown below. The message box will group files in two catagories: verified and unverified. A verified file will display the message "Verified Checksum" with a digest of the checksum. An unverified file will diplay the message "Unverified Checksum".
Verify Checksum Message Box
When verifying, the extension DLL uses MD4, MD5, RIPEMD-128, SHA-1, HAVAL, RIPEMD-160, and SHA-256. Internally, the DLL searches for matching hash values in order from strongest to weakest (SHA-256 to MD4). The match algorithm terminates on a first match, so only the strongest hash is displayed.
Note that hash length does not necessarily equate to strength. For example, RIPEMD-128 is as cryptographically strong as RIPEMD-256; RIPEMD-160 is as cryptographically strong as RIPEMD-320. RIPEMD-256 and RIPEMD-320 simply generate more entropy for a given Message M. The reader should refer to "Optional Extensions to 256 and 320 Hash Results: RIPEMD-256 and RIPEMD-320" for details.