Encryption Help - Message Authentication.
Hey guys, sorry if this is already discussed somewhere, but I can't find anything.
I have a basic encryption program using the publicly available BlowFish class using CBC to encrypt/decrypt strings.
I cannot seem to find any good information on how to create a HMAC or CMAC for message authentication.
I have several hashing classes I can add to my project already like MD5 and SHA, but what are your recommendations about implementing them for my purposes or secure message communication?
Thank you.
Re: Encryption Help - Message Authentication.
Quote: Originally Posted by si_the_geek
You can change it yourself - just click "Edit" on the first post, then "Go advanced". :)
Oh duh! I completely forgot that is an option here. Some forums have it locked. My apologies. Updated.
Re: Encryption Help - Message Authentication.
I believe the usual approach is to pass the message itself as plaintext, along with a cryptographic hash that serves as a signature and checksum.
A simple approach could rely on a shared secret passphrase to create an MD5 hash of the message. This is often more than good enough, and can be done using more robust hashes like SHA-1 instead.
HMAC describes a way of doing this that doesn't have the vulnerabilities of the simple approach. The process is described in text, symbolic notation, and in pseudocode.
Re: Encryption Help - Message Authentication.
Quote: Originally Posted by dilettante
I believe the usual approach is to pass the message itself as plaintext, along with a cryptographic hash that serves as a signature and checksum.
A simple approach could rely on a shared secret passphrase to create an MD5 hash of the message. This is often more than good enough, and can be done using more robust hashes like SHA-1 instead.
HMAC describes a way of doing this that doesn't have the vulnerabilities of the simple approach. The process is described in text, symbolic notation, and in pseudocode.
I've read that article and several of the ones that link off it. But all the examples and pseudocode are for languages other than VB.
Can you please help me translate this into how I would use this in VB? I'm having trouble figuring out where to begin. Any classes/modules you can recommend I download to see it in code form?
With my current program, I have a secret key I enter and a message and the message is encrypted using BlowFish and the secret key. That covers the privacy of the message, but I need to figure out how to implement the HMAC into my program to ensure Message Integrity.
Thank you by the way :)
Re: Encryption Help - Message Authentication.
I guess this is the most challenging question I've ever posted. Asked it on the VB Newsgroup forum over at MS and haven't gotten a single reply either.
Re: Encryption Help - Message Authentication.
I'm not sure where you think Blowfish comes in. An HMAC is based on a hash, and doesn't involve encrypting text as far as I can tell.
If all you need is a sort of message signature you can just use a hash such as MD5. Generally people salt the message, but aside from that they don't do anything special. It appears that HMAC is just a fancy way of salting anyway.
You send the message and the hash, the other end recalculates the hash and compares it with the transmitted hash.
HMAC seems to just be a suggested method of making the hash "stronger" than using it the normal way.
As far as I know there isn't any "standard" you can write code for. To use a hash or even an HMAC as a signature you'll probably have to write both ends (sender and receiver). Then depending on your messaging format you'll have to decide how to send both the message and the hash. Just as SMTP email contains multiple "fields" (such as the Subject, Body, etc.) you'll have to do the same.
Or is there some pre-existing product you are trying to be compatible with?
In truth I think the challenge here is that you haven't been specific enough about what you're trying to do. Something like an HMAC only has meaning in the context in which you use it.
Can you tell us anything more about what you're actually trying to do?
Re: Encryption Help - Message Authentication.
Ok, nobody jumped in so I took a whack at converting the pseudocode.
I'm using MD5 for the Hash() function here, since I had a wrapper for the API calls handy.
I can't say there aren't bugs, and it isn't optimal (for example the Cat() function could use CopyMemory() and be faster). It also assumes the Key and the Message are from the ANSI subset of the current locale but you could use full Unicode for either or both if desired. Just remove the StrConv() calls.
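A way to check a hand-written conversion like the one described in this post, as an added example that is not the attached VB code: a from-the-definition HMAC in Python (chosen here only as an independent reference to compare a VB port's output against) verified with the published HMAC-MD5 test vectors from RFC 2202. The function names `hmac_by_hand` and `check_port` are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5, SHA-1 and SHA-256 all process 64-byte blocks


def hmac_by_hand(key: bytes, message: bytes, hash_name: str = "md5") -> bytes:
    """HMAC per RFC 2104: H((K xor opad) || H((K xor ipad) || message))."""
    # A key longer than one block is hashed first; a shorter one is zero-padded.
    if len(key) > BLOCK_SIZE:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")

    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)

    inner = hashlib.new(hash_name, inner_pad + message).digest()
    return hashlib.new(hash_name, outer_pad + inner).digest()


# HMAC-MD5 test vectors from RFC 2202: (key, data, expected hex digest).
RFC2202_MD5 = [
    (b"\x0b" * 16, b"Hi There", "9294727a3638bb1c13f48ef8158bfc9d"),
    (b"Jefe", b"what do ya want for nothing?",
     "750c783e6ab0b503eaa86e310a5db738"),
]


def check_port(candidate) -> list:
    """Return the (key, data) pairs a candidate HMAC-MD5 function gets wrong."""
    failures = []
    for key, data, expected in RFC2202_MD5:
        if candidate(key, data).hex() != expected:
            failures.append((key, data))
    return failures


if __name__ == "__main__":
    print("failures:", check_port(hmac_by_hand))
```

Feeding the same keys and data to a VB port and comparing the hex output against these digests catches padding and byte-conversion mistakes (for example around `StrConv()`) before the code is relied on.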
Re: Encryption Help - Message Authentication.
My reasoning for mentioning Blowfish was not because I thought it had anything to do with the HMAC process, it was because I have been speaking with a certified Cryptographic Expert over my existing code.
Here is what he said:
Quote:
On top of that, I see no mention of message authentication. With encryption, you're preserving confidentiality; with authentication, you're preserving integrity. Best practice suggests computing a MAC (Message Authentication Code) on the ciphertext of an encryption scheme that's secure against adaptive chosen-plaintext attacks; that means computing AES-CMAC on the ciphertext of AES-CBC, for example.
But, since I'm using Blowfish with CBC instead of AES-CBC, I wanted anyone that tried to help me to know that.
So, going with what he mentioned, I am trying to find the best way to implement that.
I have looked over MD5 and SHA1 hashing and have found plenty of classes to help implement it code wise, but as far as how to process the entire thing for my program, I needed some help.
So are you recommending I do something like this:
- User enters secret key and message to be encrypted.
- Calculate Hash of entire message.
- Encrypt message.
- Store the hash within the string of encrypted text as one big string.
- On the receiving end, trim the Hash from the string, recalculate the hash of the message and compare. If it matches, then proceed to decrypt the message.
Does that process sound about right? Do you have any input on what the other gentleman told me?
Thank You very much!
Re: Encryption Help - Message Authentication.
I believe the thing a user enters is called a passphrase. Part of the encryption process generates a key from that internally for use during encryption.
From what I saw of the HMAC description it also requires a key of a sort, but this also appears to be more of a passphrase. Rather than being either passphrase or key, it really appears to be a "secret" input used to create a fancy hash salt for use in creating the message hash.
This would seem to present the need for a user to enter two secrets. However perhaps it is normal practice for the HMAC "key" to be hard-coded?
I'm sure all of this complexity arises from the need to make encryption stronger over time as the software and hardware that can be devoted to breaking ciphers grows in capabilities. I'm not a cryptographer and I won't pretend to be one. I can theorize all day but I'm no authority.
The steps I think I would follow are:
- Accept a message and encryption passphrase from the sender.
- Encrypt the message.
- Generate the HMAC over the encrypted message using a hard-coded "key."
- Send both the encrypted message and the HMAC to the recipient.
- Generate the HMAC using the same hard-coded "key" and compare it with the transmitted HMAC. If equal then:
- Accept the encryption passphrase from the recipient.
- Decrypt the message.
You haven't mentioned a transmission protocol, but in any case you'll require some form of "message envelope" to send the ciphertext of the message and the HMAC. You might even need to send this through a 7-bit ASCII medium, in which case base64 encoding might make sense.
You could send both items combined in one "blob" or as separate "blobs." But in any case you'll need to be able to find and break out the two items at the recipient.
If you're sending over raw TCP you could do something simple:
Code:
[length][HMAC][ciphertext]
The [length] could be a 4-byte integer of the full length of itself plus the two data items. Your [HMAC] would be of a fixed length, so just subtract that length plus 4 from [length] to determine the length of the [ciphertext]. Send both [HMAC] and [ciphertext] as binary bytes following the 4 bytes of [length].
If you must send the data over a more complex medium with existing rules (SMTP mail?) there are standard choices available for binary attachments and such.
I would think the basic ideas would be the same using Blowfish CBC and CMAC. However you are venturing into hazardous territory: getting cryptographic logic correct is very difficult, and the more complexity you heap on the more difficult things get. Isn't there a proven commercial product you can use?
Re: Encryption Help - Message Authentication.
Right, the user enters the Passphrase, or some just call it the secret key.
This is all for a commercial program I have written. I've been working on this for months and my implementation of the encryption processes has been reviewed, extensively tested and approved.
But, as I quoted above, I had not implemented any form of message integrity. He is not a coder by any means so he couldn't give me any insight as to which route to go, so I came here.
Thank you for your help by the way :).
The program is a very simple text encryption program. That is it. It doesn't do anything to files, save nor transmit any data. It allows the user to type a long message of their choice, or copy and paste text into it, enter a key (passphrase) and encrypt it. If they choose to save it to file, or email it as is, that is up to the user. But anyway...
I had done quite a bit of research and testing with implementing the ability to hash a blob of text with MD5 and SHA1, but was lost when it came to how to transmit the hash.
I want this to be as simple as possible so that all a user has to share with user number 2 is the secret passphrase to be able to decrypt the message.
Anyway, you have given me a REALLY good headstart as to which direction to go with this and I can't thank you enough.
If you have any additional insight, I'm all ears :thumb:
Re: Encryption Help - Message Authentication.
If you simply need to write these to disk a simple approach suggests itself.
Depending on your hash technology the HMAC/CMAC may be of a fixed length. So just write these bytes to disk followed by the bytes of the ciphertext. If your chosen approach results in a variable length hash you might write its length as a prefix, then the hash, and finally the ciphertext.
When reading/decrypting you'd grab the length (if you used one), then grab "length" bytes as the hash, then grab everything else until EOF as the ciphertext:
[length][hash][ciphertext][EOF]
You could also use the other arrangement (provide the length of the ciphertext):
[length][ciphertext][hash][EOF]
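The `[length][HMAC][ciphertext]` framing suggested earlier in the thread, which also fits the on-disk layouts above, together with the "check the HMAC, then decrypt" order, as an added example that is not any poster's code. It is written in Python rather than VB; HMAC-SHA-256, the big-endian length field, the MAC key being passed in as a parameter and the names `seal`, `open_frame` and `accepts` are assumptions, and the Blowfish step is left out (the ciphertext is treated as opaque bytes).

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA-256 tag is always 32 bytes
HEADER_LEN = 4                          # [length] is a 4-byte integer


def seal(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Frame already-encrypted bytes as [length][HMAC][ciphertext].

    `ciphertext` should include the CBC IV so that it is authenticated too.
    """
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    total = HEADER_LEN + TAG_LEN + len(ciphertext)  # length counts itself
    return struct.pack(">I", total) + tag + ciphertext  # big-endian: assumption


def open_frame(mac_key: bytes, frame: bytes) -> bytes:
    """Return the ciphertext if the frame is intact; raise ValueError if not."""
    if len(frame) < HEADER_LEN + TAG_LEN:
        raise ValueError("frame too short")
    (total,) = struct.unpack(">I", frame[:HEADER_LEN])
    if total != len(frame):
        raise ValueError("length field does not match the data received")
    tag = frame[HEADER_LEN:HEADER_LEN + TAG_LEN]
    ciphertext = frame[HEADER_LEN + TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    # Constant-time comparison; decrypt only after this check has passed.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch")
    return ciphertext


def accepts(mac_key: bytes, frame: bytes) -> bool:
    """True if open_frame() would hand the ciphertext on for decryption."""
    try:
        open_frame(mac_key, frame)
        return True
    except ValueError:
        return False


# Constructed sample: an 8-byte IV plus two 8-byte blocks standing in for
# Blowfish-CBC output, and a constructed MAC key.
SAMPLE_CT = bytes(range(24))
SAMPLE_KEY = b"constructed-mac-key"
```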