Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Confused how to use AES and HMAC

Tags:

cryptography

aes

hmac

I'm a little bit confused how to use AES and HMAC (based on SHA-256) in a proper way when transmitting the encrypted message from server to client or vice versa

Correct me please if the following method is wrong:

  1. Take the secure key from the key file (for example we suggest to use the AES-256 and we already have a valid 256 bit length key)
  2. Generate random IV for AES-256 to be sure that the same plain text will have different encryption output.
  3. Calculate HMAC-SHA-256 using the plain text and secure key. (The first question: should I use IV for HMAC calculation? For example append to secure key?)
  4. Encrypt the plain text using AES-256.
  5. Compose message for client as following: HMAC + IV+ ENCRYPTED_MESSAGE

The biggest question is: is it possible somehow not to send IV to client but instead generate it the same way and still be crypto safe? Or is it ok to send the IV too?

I've end up with random IV generation, because it is needed that the same plain text will end up in different encryption results.

like image 936
Valentin Avatar asked Apr 23 '12 11:04

Valentin

People also ask

Does AES use HMAC?

Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 256 bits long.

How AES works step by step?

For encryption, each round consists of the following four steps: 1) Substitute bytes, 2) Shift rows, 3) Mix columns, and 4) Add round key. The last step consists of XORing the output of the previous three steps with four words from the key schedule.

When Should AES be used?

The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. AES is implemented in software and hardware throughout the world to encrypt sensitive data. It is essential for government computer security, cybersecurity and electronic data protection.

How does AES algorithm work with example?

How does AES work? The AES algorithm uses a substitution-permutation, or SP network, with multiple rounds to produce ciphertext. The number of rounds depends on the key size being used. A 128-bit key size dictates ten rounds, a 192-bit key size dictates 12 rounds, and a 256-bit key size has 14 rounds.

1 Answers

Don't send hmac(message),aes(message). If you send the same message twice, anyone can tell. Moreover, you need to mac the cipher-text to prevent attacks such as the padding oracle attack.

IV: In general, the easy way to deal with the iv is to prepend it, since it's fixed length, to the cipher text.You can then just read off those bytes before decrypting. IV's can be public, but they must be random.

HMAC: Easiest way, if your library supports it, is to use AES in GCM mode (or, less preferably EAX). This is not actually an HMAC, but it provides authenticated encryption which is just as good.If these are not supported :

You do need to compute the hmac over both the iv and the cipher text. if || is concatenation ( which you could do with say array copy if dealing with byte arrays) then you want 

CipherText = iv|| aes(key1,iv,message)  
tag = hmac(key2,ciphertext)

And then send (tag,CipherText). On the other end, you run the same hmac call to regenerate the tag and the compare the received tag with the computed one. Compare the sha1 or sha256 hashes of the tags instead of directly so you don't leak where the comparison fails.

You should use a different key for the hmac. In practice tacking the sha1 sum of your encryption key is good enough.

like image 176
imichaelmiers Avatar answered Sep 30 '22 11:09

imichaelmiers
Sign in to Comment

Related questions

AES128 vs AES256 using bruteforce
Generating own key with Python Fernet
using DES/3DES with python
Git is moving to new hashing algorithm SHA-256 but why git community settled on SHA‑256
What is best possible way of salting and storing salt?
Is Microsoft's GUID generator cryptographically secure
.NET Private Key Rsa Encryption
Loading raw 64-byte long ECDSA public key in Java
how to compare a password text with the bcrypt hashes?
Is it possible to reverse engineer AES256?
How to Generate an MD5 hash in Kotlin? [closed]
How to encrypt a string in .NET? [duplicate]
Sending password safely from the front-end to the back-end using MD5
EXP(ORT) ciphers and M2Crypto/OpenSSL
How to verify data against signature with public key that uses sha1ecdsa?
RSA Encryption-Decryption in iphone
Safest way to update game score from client to server database? Javascript
Can't change the keystore format
PBEKeySpec with byte array argument instead of ASCII
Characteristics of an Initialization Vector

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!