W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: MAC and HMAC

From: Dave Roberts <dave.roberts@saaconsultants.com>
Date: Fri, 19 Oct 2001 09:39:56 +0100 (BST)
To: dsig <w3c-ietf-xmldsig@w3.org>, Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Message-ID: <Pine.A32.3.96.1011019092735.38498A-100000@olympus.saa-cons.co.uk>
Thanks to Christian and Merlin for the responses...

On Thu, 18 Oct 2001, Christian Geuer-Pollmann wrote:

> The MAC uses a symmetric key which has to be identified by an optionally 
> supplied KeyInfo. So you cannot include the Key itself as KeyValue and 

Yep, that certainly prompted my question.

> Certificates. But you _can_ use KeyName with a custom KeyIdentifier or a 
> retrival method that works in the signature verification environment.

Understood.  A mutual agreement of the secret key, and an identifier that
both parties use.  Or retrieval via SSL perhaps to keep the key secret.
Much obliged.

> The MAC algorithm outputs a byte array of the length of the used digest 
> method (for HMAC-SHA1 which uses SHA1, this are 160 bit (20 byte)). This 
> byte array is truncated...

OK, I understand the truncation, but which bits do you lose, the Most
Significant or Least Significant?  I suspected the MSB is lost, and the
LSB is kept, but... I took a look at the examples in the
merlin-xmldsig-fifteen tarball.  There is one example outputting the full
MAC, and one that outputs 40 bits.  As far as I can see, the data being
signed is exactly the same, and they use the same secret key, however
converting the base64 MAC back into binary, there appears to be no
instance of the 40 bits as a subset of the 160 bits (IFSWIM)... so I'm
obviously missing something (probably very simple :) 

- Dave.
Received on Friday, 19 October 2001 04:41:49 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT