From e4164aab4d2b26c969320b8616ad5f2cb18f06b0 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Mon, 23 Oct 2023 13:04:42 +0200
Subject: [PATCH] Add section on HMAC

---
 book/source/03-cryptography.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md
index ef16781..bbba26d 100644
--- a/book/source/03-cryptography.md
+++ b/book/source/03-cryptography.md
@@ -16,14 +16,22 @@ Here are two important properties of cryptographic hash functions:
 - ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents.
 - ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value.
 
+## Message Authentication Codes
+
+[Message Authentication Codes](https://en.wikipedia.org/wiki/Message_authentication_code) (MAC, also called authentication tags) are small pieces of information, which can be used to verify the integrity and authenticity of a message.
+They are calculated over the original message using a (symmetric) secret key.
+The recipient of a message containing a MAC, who is also in posession of the secret key can verify that the message has not been tampered with.
+
+[HMAC](https://en.wikipedia.org/wiki/HMAC) is a hash-based message authentication code, which is used in the OpenPGP protocol.
+
 ### Key Derivation Functions
 
 Hash functions can also be used to construct [key derivation functions](https://en.wikipedia.org/wiki/Key_derivation_function) (KDF).
 Those can for instance be used to derive symmetric key material from a password by repeatedly feeding it through a hash function.
 
-A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is based on the [HMAC](https://en.wikipedia.org/wiki/HMAC) message authentication code.
+A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is a key derivation function based on the HMAC message authentication code.
 
-More information on KDFs and their use in the OpenPGP protocol can be found in chapters XXX (S2K) and YYY (SEIPDv2).
+More information on KDFs and their use in the OpenPGP protocol can be found in chapters [5](encrypted_secrets) and 10 (SEIPDv2).
 
 ## Symmetric-key cryptography