Uploaded image for project: 'Cayenne'
  1. Cayenne
  2. CAY-2109

cayenne-crypto: add value authentication (HMAC)

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 4.0.B1
    • None
    • None

    Description

      A previously ignored concern with using cayenne-crypto is data integrity. Corrupt messages will happily decrypt to garbage. Valid messages will happily decrypt with a corrupt key, also to garbage. So to make the system more robust, we'll be adding an optional message authentication code (MAC). I am using "Cryptography Engineering" book [1] as a reference on the best MAC practices. Implementation parameters:

      • HMAC [2]
      • SHA-256
      • authenticate-then-encrypt
      • Authenticated message will be made of the following fields:

      protocol_version || flags || secret_key || message

      (or should we just do header || secret_key || message?)

      [1] https://www.schneier.com/books/cryptography_engineering/
      [2] https://en.wikipedia.org/wiki/Hash-based_message_authentication_code

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            ntimofeev Nikita Timofeev
            andrus Andrus Adamchik
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment