Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using one key for Encryption and HMAC

I am wondering whether I can use a shared secret key established between two clients as the HMAC key too.

I saw that there is a problem when it is used as a CBC-MAC but I haven't found any evidence it is bad practice for HMACs.

Thanks, Vladimir

like image 333
Vladimir Avatar asked Mar 23 '10 15:03

Vladimir


People also ask

How are HMAC keys shared?

When two parties exchange messages through those secure file transfer protocols, those messages will be accompanied by HMACs instead of plain hashes. An HMAC employs both a hash function and a shared secret key. A shared secret key provides exchanging parties a way to establish the authenticity of the message.

Is HMAC symmetric key?

(An HMAC key is also a symmetric key, but it's used for signing, not encryption.) A typical symmetric-key algorithm is the Advanced Encryption Standard (AES).

Does AES use HMAC?

No. HMAC-SHA1 is very different from AES encryption. HMAC-SHA1 is not an encryption algorithm.

Is HMAC deterministic?

4. Because HMAC is a deterministic MAC (it always produces the same output when run multiple times with the same input), we were able to look up a domain name using its HMAC value. There are also randomized MACs, that output a different tag every time, even when given the same input.


2 Answers

I believe it is currently in the category of "seems probably OK, but why take the risk?".

Best practice is to have each side generate two new keys from the shared secret key:

encryption-key := HMAC(shared-key, "Encryption Nonce")
hmac-key := HMAC(shared-key, "Authenticity Nonce")
like image 192
caf Avatar answered Sep 29 '22 16:09

caf


As caf eluded to. One of the correct ways to do this is to hash the shared-secret-key with some extra data.

For Example:

enc-key = HASH(shared-key || 1)
hmac-key = HASH(share-key || 2)

This has the benefit of not needing to transfer 2 extra nonces as well as being easy to implement.

I would NOT use the same key in different functions (enc + hmac). That is asking for trouble and a bad idea.

like image 38
mox1 Avatar answered Sep 29 '22 15:09

mox1