W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: MAC and HMAC

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Thu, 18 Oct 2001 19:07:43 +0200
To: Dave Roberts <dave.roberts@saaconsultants.com>, Joseph Reagle <reagle@w3.org>
Cc: Naveen Kumar Konduru <konduru27@yahoo.com>, dsig <w3c-ietf-xmldsig@w3.org>
Message-id: <2704683925.1003432063@pinkpanther>
Hi Dave,

--On Donnerstag, 18. Oktober 2001 17:44 +0100 Dave Roberts 
<dave.roberts@saaconsultants.com> wrote:

>> HMAC-SHA1 is actually to be used as the SignatureAlgorithm (though
>> security  concerns prompts us to distinguish between "Signature" and
>> "MAC" in the  algorithm characterizations.) Consequently, the key would
>> be identified in  KeyInfo.
> May I ask what type of KeyInfo would you use?

The MAC uses a symmetric key which has to be identified by an optionally 
supplied KeyInfo. So you cannot include the Key itself as KeyValue and 
cannot use X509Data cause the Key has nothing to do with X.509 
Certificates. But you _can_ use KeyName with a custom KeyIdentifier or a 
retrival method that works in the signature verification environment.

> In addition, section 6.3.1 states that the output length of the HMAC
> algorithm can be truncated.  However RFC 2104 makes no mention of
> truncation (that I could see).  So I was wondered what exactly is
> truncated.

The MAC algorithm outputs a byte array of the length of the used digest 
method (for HMAC-SHA1 which uses SHA1, this are 160 bit (20 byte)). This 
byte array is truncated...

Received on Thursday, 18 October 2001 13:05:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC