vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2024-11-23 08:02:05 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add section on HMAC

Browse source
This commit is contained in:
Paul Schaub 2023-10-23 13:04:42 +02:00
parent 0b078830f2
commit e4164aab4d
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
book/source/03-cryptography.md
View file

@ -16,14 +16,22 @@ Here are two important properties of cryptographic hash functions:
- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents. - ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents.
- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value. - ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value.
## Message Authentication Codes
[Message Authentication Codes](https://en.wikipedia.org/wiki/Message_authentication_code) (MAC, also called authentication tags) are small pieces of information, which can be used to verify the integrity and authenticity of a message.
They are calculated over the original message using a (symmetric) secret key.
The recipient of a message containing a MAC, who is also in posession of the secret key can verify that the message has not been tampered with.
[HMAC](https://en.wikipedia.org/wiki/HMAC) is a hash-based message authentication code, which is used in the OpenPGP protocol.
### Key Derivation Functions ### Key Derivation Functions
Hash functions can also be used to construct [key derivation functions](https://en.wikipedia.org/wiki/Key_derivation_function) (KDF). Hash functions can also be used to construct [key derivation functions](https://en.wikipedia.org/wiki/Key_derivation_function) (KDF).
Those can for instance be used to derive symmetric key material from a password by repeatedly feeding it through a hash function. Those can for instance be used to derive symmetric key material from a password by repeatedly feeding it through a hash function.
A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is based on the [HMAC](https://en.wikipedia.org/wiki/HMAC) message authentication code. A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is a key derivation function based on the HMAC message authentication code.
More information on KDFs and their use in the OpenPGP protocol can be found in chapters XXX (S2K) and YYY (SEIPDv2). More information on KDFs and their use in the OpenPGP protocol can be found in chapters [5](encrypted_secrets) and 10 (SEIPDv2).
## Symmetric-key cryptography ## Symmetric-key cryptography