[jira] [Created] (CAY-2109) cayenne-crypto: add value authentication (HMAC)

Andrus Adamchik (JIRA) Tue, 30 Aug 2016 01:56:37 -0700

Andrus Adamchik created CAY-2109:
------------------------------------

             Summary: cayenne-crypto: add value authentication (HMAC)
                 Key: CAY-2109
                 URL: https://issues.apache.org/jira/browse/CAY-2109
             Project: Cayenne
          Issue Type: Bug
            Reporter: Andrus Adamchik
            Assignee: Andrus Adamchik



A previously ignored concern with using cayenne-crypto is data integrity. 
Corrupt messages will happily decrypt to garbage. Valid messages will happily 
decrypt with a corrupt key, also to garbage. So to make the system more robust, 
we'll be adding an optional message authentication code (MAC). I am using 
"Cryptography Engineering" book [1] as a reference on the best MAC practices. 
Implementation parameters:

* HMAC [2]
* SHA-256 
* authenticate-then-encrypt
* Authenticated message will be made of the following fields:

     protocol_version || flags || secret_key || message

(or should we just do header || secret_key || message?)


[1] https://www.schneier.com/books/cryptography_engineering/
[2] https://en.wikipedia.org/wiki/Hash-based_message_authentication_code



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (CAY-2109) cayenne-crypto: add value authentication (HMAC)

Reply via email to