I'm trying to add some feature to my game launcher. Need to verify game files before the game exe starts. If any file is corrupted updater is going to download that file again. Files can be verified from the xml file which on the server (with checking files byte or md5). Im really bad on programming but trying to learn c#. If someone will guide me, i'll be very grateful.
MD5 checksums are an easy, but not foolproof way to verify.
I would recommend using cryptographic signatures, which is a checksum (usually SHA256 these days) encrypted in a way that can allow recipients verify the authenticity of the payload.
Using this technique, your users know not just that the payload is valid, but that it came from you and not someone who hacked your website.
Of course, this relies on the sanctity of your private keys, so keep them very safe.
You can do this following the tutorial on https://msdn.microsoft.com/en-us/library/hk8wx38z(v=vs.110).aspx
Sayith Microsoft:
Digital signatures are usually applied to hash values that represent larger data. The following example applies a digital signature to a hash value. First, a new instance of the RSACryptoServiceProvider class is created to generate a public/private key pair. Next, the RSACryptoServiceProvider is passed to a new instance of the RSAPKCS1SignatureFormatter class. This transfers the private key to the RSAPKCS1SignatureFormatter, which actually performs the digital signing. Before you can sign the hash code, you must specify a hash algorithm to use. This example uses the SHA1 algorithm. Finally, the CreateSignature method is called to perform the signing.
class Class1
{
static void Main()
{
//The hash value to sign.
byte[] HashValue = {59,4,248,102,77,97,142,201,210,12,224,93,25,41,100,197,213,134,130,135};
//The value to hold the signed value.
byte[] SignedHashValue;
//Generate a public/private key pair.
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
//Create an RSAPKCS1SignatureFormatter object and pass it the
//RSACryptoServiceProvider to transfer the private key.
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(RSA);
//Set the hash algorithm to SHA1.
RSAFormatter.SetHashAlgorithm("SHA1");
//Create a signature for HashValue and assign it to
//SignedHashValue.
SignedHashValue = RSAFormatter.CreateSignature(HashValue);
}
}
For XML specifically:
The .NET Framework provides the System.Security.Cryptography.Xml namespace, which enables you sign XML. Signing XML is important when you want to verify that the XML originates from a certain source. For example, if you are using a stock quote service that uses XML, you can verify the source of the XML if it is signed.