[CAY-2109] cayenne-crypto: add value authentication (HMAC) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.B1
Component/s: None
Labels:
None

Description

A previously ignored concern with using cayenne-crypto is data integrity. Corrupt messages will happily decrypt to garbage. Valid messages will happily decrypt with a corrupt key, also to garbage. So to make the system more robust, we'll be adding an optional message authentication code (MAC). I am using "Cryptography Engineering" book [1] as a reference on the best MAC practices. Implementation parameters:

HMAC [2]
SHA-256
authenticate-then-encrypt
Authenticated message will be made of the following fields:

protocol_version || flags || secret_key || message

(or should we just do header || secret_key || message?)

[1] https://www.schneier.com/books/cryptography_engineering/
[2] https://en.wikipedia.org/wiki/Hash-based_message_authentication_code

Attachments

Activity

People

Assignee:: Nikita Timofeev

Reporter:: Andrus Adamchik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Aug/16 08:55

Updated:: 31/Mar/17 13:08

Resolved:: 31/Mar/17 13:08