C# Sha256 Tutorial – Complete Guide

Welcome to our introductory tutorial on SHA256 hashing in C#. This is a topic that touches the core of data integrity and security in modern programming. If you’ve ever wondered how passwords are securely stored or how data integrity is maintained during transmission, you’ve come to the right place. Let’s dive in and explore the exciting world of SHA256 hashing in C#.

What is SHA256?

SHA256, also known as Secure Hash Algorithm 256, is a cryptographic hash function that generates an almost-unique, fixed size 256-bit hash. It is part of the SHA-2 (Secure Hash Algorithm 2) family, which is in wide use in cryptographic systems to maintain data integrity and security.

What is it for?

In a nutshell, SHA256 is used extensively in data integrity checks, information security, password protection, and many more fields requiring secure hashing. Whenever we need to ensure that a transmitted packet of data arrives without being tampered with, or securely store sensitive information like passwords, SHA256 steps into the spotlight.

Why should I learn it?

Developing an understanding of SHA256 and its implementation in C# is beneficial in more ways than one. It opens doors to working on security-focused applications and improves your overall coding prowess with an essential understanding of data security operations. It’s also a highly-respected skill in the industry, given the ever-increasing importance of data security.

Now that we have established the purpose and importance of SHA256, let’s delve into some code and see it in action!

CTA Small Image

Creating a SHA256 Hash in C#

The first thing we need to do in order to create a SHA256 hash in C# is to utilize the SHA256Managed class which resides in the System.Security.Cryptography namespace. Thus, we need to make sure we include this namespace in our code:

using System.Security.Cryptography;

In the following example, we create a SHA256 hash from a string and output the hashed string:

SHA256 sha256Hash = SHA256.Create();
byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes("Hello World"));

StringBuilder builder = new StringBuilder();
for (int i = 0; i < bytes.Length; i++)


Comparing SHA256 Hashes

Comparing hashes is an important part of using SHA256. When we store passwords, for example, we never store the actual password, but the hashed equivalent. Here’s how you can compare a string to a hashed password:

string password = "myPassword";
string hashedPassword = HashPassword(password); // function to hash password
string input = "passwordToCheck";

if(hashedPassword == HashPassword(input))
   Console.WriteLine("Password Match");
   Console.WriteLine("Password does not match");

Working with SHA256 in Files

If we want to check the integrity of files, we use the ComputeHash method on a FileStream object. This allows us to check if a file has been tampered with.

using (FileStream fileStream = File.OpenRead("filePath"))
   SHA256 sha256 = SHA256.Create();
   byte[] hashValue = sha256.ComputeHash(fileStream);
   // Print or do what you want with the hashvalue

We hope these examples demystify working with SHA256 in C#. In our next tutorial, we will delve deeper into the practical applications of SHA256 hashing in C#.

Creating a Checksum

SHA256 hashing can be used to validate the integrity of data, which could be quite useful when sending or receiving data over a network. Let’s take a look at how we can create a checksum for a data packet:

public string CreateChecksum(byte[] data)
    SHA256 sha256 = SHA256.Create();
    byte[] hash = sha256.ComputeHash(data);
    return Convert.ToBase64String(hash);

This method computes the SHA256 hash of a data packet and then converts it to a Base64 string. This string will be unique for each unique data packet, allowing you to identify any changes in data.

Verifying a Checksum

Creating a checksum is half the job done. We also want to verify this checksum to be sure the data has not been tampered with. Here’s a method to accomplish this:

public bool VerifyChecksum(byte[] data, string checksum)
    string newChecksum = CreateChecksum(data);
    return newChecksum.Equals(checksum);

The above method obtains a new checksum from the data packet and compares it to the original one.

Encrypting and Decrypting Data

SHA256 hashing can also be used in conjunction with AES encryption to secure information. Let’s see how that can be done:

public byte[] EncryptData(byte[] data, byte[] key)
    Aes aes = Aes.Create();
    aes.Key = key;

    ICryptoTransform encryptor = aes.CreateEncryptor();
    byte[] encryptedData = encryptor.TransformFinalBlock(data, 0, data.Length);

    return encryptedData;

public byte[] DecryptData(byte[] encryptedData, byte[] key)
    Aes aes = Aes.Create();
    aes.Key = key;

    ICryptoTransform decryptor = aes.CreateDecryptor();
    byte[] decryptedData = decryptor.TransformFinalBlock(encryptedData, 0, encryptedData.Length);

    return decryptedData;

This pair of methods allows us to encrypt and decrypt data using AES encryption, whereas our key is a SHA256 hash.


From creating and verifying checksums to encrypting and decrypting data, SHA256 plays a crucial role in ensuring data integrity and security in C#. With the examples provided above, we hope you’ve gained practical insights on how to integrate these concepts into your coding practices. Keep brushing up on these skills; they will greatly enhance your applications, making them secure and reliable! Happy coding!

Digesting a Password with Salt

Password security is significantly enhanced using a “salt,” which is an additional piece of data given as input to the hashing function along with the password. This makes each user’s password unique and more resistant to brute force attacks. Let’s generate a random salt and use it to hash a password:

public string HashPasswordWithSalt(string password, out string salt)
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
    byte[] saltBytes = new byte[16];
    salt = Convert.ToBase64String(saltBytes);

    Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, saltBytes, 1000);
    byte[] hash = pbkdf2.GetBytes(20);
    return Convert.ToBase64String(hash);

In the above code, we first generate a 16-byte random salt. We then use an instance of Rfc2898DeriveBytes (which is a PBKDF2 implementation) to create a 20-byte secure hash of the password and salt, which we return as a Base64 string.

Verifying a Salty Password

Here’s how we would check a password by comparing it with our salt and the previously hashed password:

public bool VerifyPassword(string password, string salt, string hashedPassword)
    byte[] saltBytes = Convert.FromBase64String(salt);

    Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, saltBytes, 1000);
    byte[] hash = pbkdf2.GetBytes(20);
    string newHashedPassword = Convert.ToBase64String(hash);

    return newHashedPassword.Equals(hashedPassword);

This method converts the string salt to a byte array, generates a new hash of the input password and salt and then compares it with the original hashed password.

Message Authenticity and Integrity

SHA256 is also used in ensuring the authenticity and integrity of messages sent over a network. HMAC (Hash-based Message Authentication Code) is commonly used for this purpose:

public byte[] SignMessage(string message, byte[] key)
    HMACSHA256 hmac = new HMACSHA256(key);
    byte[] signature = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
    return signature;

public bool VerifyMessage(string message, byte[] key, byte[] signature)
    byte[] newSignature = SignMessage(message, key);
    return newSignature.SequenceEqual(signature);

These functions allow us to create a secure signature for a message using a secret key, as well as verify the integrity and the authenticity of a message using the same key.


From handling password security with salts, to ensuring message integrity and authenticity using HMAC, we’ve touched upon some of the fundamentals of SHA256 hashing in C#. Each new approach adds a layer of security and assurance to your programming skills. Keep exploring, keep learning, and continue building incredible, secure software!

Where to Go Next?

Understanding SHA256 hashing and its utilization in C# is an excellent starting point in your journey into more specialized facets of programming and cybersecurity. The real world applications of this command are vast – its relevance in data protection and integrity quality assurance can’t be overstated. But where do you go from here?

We encourage you to dive deeper into the pool of software development concepts by continuing to expand your skill set with Zenva. Our platform offers beginner to professional accessible courses in programming, game development, AI – you name it. We have over 250 supported online courses to boost your tech skills.

Specifically, if you’re inclined towards game development, have a look at our Unity Game Development Mini-Degree. This project-based, self-paced mini-degree covers numerous aspects of game development using Unity, one of the most prominent game engines globally. We also recommend our comprehensive collection of Unity courses for an even broader exploration. Remember, with Zenva, you can progress from beginner to professional at your own pace and in your preferred specialization.


SHA256 hashing in C# serves as your gateway to the larger world of data security and cryptography. In a world where data integrity and security are paramount, your skills in hashing and encryption set you apart. We hope that our tutorial brings you a step closer to understanding and integrating these crucial concepts into your programming practices.

Remember, your journey with Zenva doesn’t stop here. We encourage you to embrace this learning journey and explore our extensive collection of online courses on various tech topics, be it web development, AI, VR, game development or data security. Happy learning!

Did you come across any errors in this tutorial? Please let us know by completing this form and we’ll look into it!

Python Blog Image

FINAL DAYS: Unlock coding courses in Unity, Godot, Unreal, Python and more.