Jun 14, 2011

Hash-based Message Authentication Code Insight

Hash-based Message Authentication Code, also known as HMAC, is a specific construction for calculating a MAC (Message Authentication Code) that combines a cryptographic hash function with a secret key.

It is used to verify the integrity and authenticity of a message. The most common hash functions used with HMAC are MD5 and SHA-1. The strength of an HMAC depends on the following:

1. The size of its hash output in bits.
2. The quality and size of the key.

HMAC is commonly used in online transactions such as online orders (e-commerce). In this flow, customer orders are encrypted with a secret key from the time they are processed. The owner, knowing the secret key, then digests the encrypted order and confirms that it has not been tampered with.

HMAC sample Function

* initialize key and message
* call function hmac

$key = '4554ddeedd';
$message = 'this is your message before encryption';

$encrypted_message = hmac($key, $message);

echo $encrypted_message;

function hmac($key, $data)
{
    // RFC 2104 HMAC implementation for PHP.
    // Creates an MD5 HMAC.

    $b = 64; // block size of MD5 in bytes
    if (strlen($key) > $b) {
        // keys longer than the block size are replaced by their hash
        $key = pack("H*", md5($key));
    }
    // pad the key with zero bytes up to the block size
    $key = str_pad($key, $b, chr(0x00));
    $ipad = str_pad('', $b, chr(0x36));
    $opad = str_pad('', $b, chr(0x5c));
    $k_ipad = $key ^ $ipad;
    $k_opad = $key ^ $opad;

    // outer hash over (key XOR opad) followed by the raw inner hash
    return md5($k_opad . pack("H*", md5($k_ipad . $data)));
}

Hope it helps.
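The order check described in the post, as an added example that is not code from the original post: it uses PHP's built-in hash_hmac() with SHA-256 in place of the hand-written MD5 construction, and hash_equals() so the comparison runs in constant time. The helper names, the key and the order fields are constructed for illustration.

```php
<?php
// Added example: the key, the order fields and the helper names are
// constructed for illustration and do not come from the original post.

// Serialize the order deterministically so both sides MAC the same bytes.
function canonical_order(array $order): string
{
    ksort($order);
    return json_encode($order, JSON_THROW_ON_ERROR);
}

// Sender side: compute the tag that is sent along with the order.
// The tag authenticates the order; the order itself is not hidden by it.
function sign_order(array $order, string $key): string
{
    return hash_hmac('sha256', canonical_order($order), $key);
}

// Receiver side: recompute the tag with the shared key and compare it
// with hash_equals(), which does not leak the position of the first
// mismatching byte through timing the way == or strcmp() can.
function verify_order(array $order, string $tag, string $key): bool
{
    $expected = hash_hmac('sha256', canonical_order($order), $key);
    return hash_equals($expected, $tag);
}

// Constructed key; a real key is loaded from secret storage, not
// generated per request or written into the source.
$key   = random_bytes(32);
$order = ['id' => 1001, 'item' => 'book', 'amount' => '19.99'];
$tag   = sign_order($order, $key);

// Same order with its fields in a different sequence: canonical_order()
// sorts the keys, so the recomputed tag is over identical bytes.
$reordered = ['amount' => '19.99', 'id' => 1001, 'item' => 'book'];

// Same order with the amount modified after the tag was computed.
$tampered = $order;
$tampered['amount'] = '0.01';

echo 'original order:   ', var_export(verify_order($order, $tag, $key), true), PHP_EOL;
echo 'reordered fields: ', var_export(verify_order($reordered, $tag, $key), true), PHP_EOL;
echo 'modified amount:  ', var_export(verify_order($tampered, $tag, $key), true), PHP_EOL;
echo 'different key:    ', var_export(verify_order($order, $tag, random_bytes(32)), true), PHP_EOL;
```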


Anonymous said...

Great post..