Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD

iaik.me.security
Class Mac

java.lang.Object
  |
  +--iaik.me.security.Mac
public class Mac
extends Object

This class extends the javax.crypto.MACSpi class for providing the functionality of the HMAC(Keyed-Hashing for Message Authentication) algorithm, as specified in RFC 2104.

This class itself is extended by HMacMd5 and HMacSha for using the Md5 respectively SHA message digest algorithm as hash functions for HMAC computation.

Both hash functions stated above process data in blocks of 64 bytes. For HMAC computation based on Md5 or SHA, the secret authentication key to be used may be of any length up to 64 bytes. If the key is longer than 64 bytes, it is hashed by the actual hash function in use (before feeding it to the HMAC algorithm), yielding to a key length denoted by the hash size of the actual hash function (i.e. 16 bytes for Md5 and 20 bytes for SHA). It is recommended by RFC 2104 not to use keys of a length shorter than the hash output size of the hash function in use.

Any application dealing with MAC computation, uses the getInstance method of the MAC class for creating a MAC object.

A Message Authentiction Code (MAC) denotes a cryptocraphic checksum, which is derived by processing some given message (or the authentication elements of the message) using a secret key. A MAC computation that involves some cryptographic hash function is denoted as HMAC (as specified in RFC 2104). Since a secret key is used for processing the message, the resulting (H)MAC only can be verified with the same key, meaning that - in contrast to digital signing where anyone can verify a signature by using the public key matching to the private key that have been used for signing - only the holder of the same secret key ís able to verifiy the MAC. Commonly, only the addressed receiver(s) of the message should hold the same secret key.

MAC computation can be used for providing integrity without secrecy. The sender uses his secret key for computing the MAC of the message to be sent, appends the MAC to the original message and sends both to the communication partner. The receiver recalculates the MAC and compares it with the transmitted MAC to ensure the integrity of the received data.

An application wishing to perform a MAC computation, at first has to create a MAC object by instantiating the MAC class through a proper getInstance factory method thereby specifying the MAC algorithm to be used. Calculating, for instance, a HMAC based on the SHA-1 hash algorithm, may be initiated as follows: 

 MAC sha_HMAC = MAC.getInstance("HMAC/SHA");

After properly initializing the MAC object with one entity´s secret key, the data to be processed is applied by one (or more) calls to the update methods. The MAC computation is concluded by using doFinal. If the data can be processed without calling any update method, doFinal can be called immediately after initializing the MAC object: 

 sha_HMAC.init(secret_key);
 byte[] mac_data = sha_HMAC.doFinal(data);

After the MAC finally has been calculated, the MAC object automatically is reset for being able to be used for further MAC computations, either by using the same secret key again, or using a new key by properly re-initializing this MAC object.

IAIK-JCE supports HMAC computation based on the SHA-1 and Md5 hash algorithms.

See Also:
HMacSha, HMacMd5

Constructor Summary
protected Mac()
           
protected Mac(MessageDigest md)
           
 
Method Summary
 byte[] doFinal()
           
 byte[] doFinal(byte[] data)
           
 int doFinal(byte[] output, int offset)
           
static Mac getInstance(String algorithm)
           
 int getMacLength()
          Returns the length of the calculated MAC value in bytes.
 void init(CryptoBag key, CryptoBag params)
           
static void register(String name, String clazz)
           
 void reset()
          Resets this Mac object for being able to be used for further MAC computations, either by using the same secret key again, or using a new key by properly re-initializing this MAC object.
 void update(byte b)
           
 void update(byte[] input)
           
 void update(byte[] input, int offset, int len)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Mac

protected Mac()

Mac

protected Mac(MessageDigest md)
Method Detail

getMacLength

public int getMacLength()
Returns the length of the calculated MAC value in bytes.
Returns:
the MAC value length in bytes.

init

public void init(CryptoBag key,
                 CryptoBag params)
          throws CryptoException

update

public final void update(byte b)

update

public final void update(byte[] input)

update

public void update(byte[] input,
                   int offset,
                   int len)

reset

public void reset()
Resets this Mac object for being able to be used for further MAC computations, either by using the same secret key again, or using a new key by properly re-initializing this MAC object.

doFinal

public int doFinal(byte[] output,
                   int offset)

doFinal

public final byte[] doFinal()

doFinal

public final byte[] doFinal(byte[] data)

getInstance

public static Mac getInstance(String algorithm)
                       throws CryptoException

register

public static void register(String name,
                            String clazz)
Overview  Package   Class  Tree  Deprecated  Index  Help 
This Javadoc may contain text parts from IETF Internet Standard specifications, see copyright note) and RSA Data Security Public-Key Cryptography Standards (see copyright note).
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD
IAIK-JCE ME 3.04, (c) 2002 IAIK, (c) 2003 to 2006 Stiftung SIC