Date: Wed, 7 May 1997 12:23:45 -0700
From: David.Brownell@Eng (David Brownell)
Message-Id: <199705071923.MAA05634@argon.eng.sun.com>
To: java-security@web2.javasoft.com, burnettS@RSA.COM
Subject: Re: HMAC in the Security layer
> HMAC is generally considered a kind of message digest.
Actually, I know many folk who consider MACs to be like private key
signatures ... :-)
> Suppose I want
> to implement it in the JDK 1.1 layer. Should it be part of the
> MessageDigest class?
Seems slightly more like a signature to me, in concept, and those
APIs fit better ... operations are sign and verify, it's just the
initialization that acts odd (you use shared/secret keys, not
public and private keys).
> If so, I'll need a way to initialize the object
> with a secret key. If not, where would it belong? The DESMAC is another
> example, but I doubt that algorithm is implemented as much as HMAC is
> (HMAC is part of the SET standard).
HMAC is also used in TLS and IPSEC. I'm actually happy to treat HMAC
as a construct that one implements in terms of lower level APIs, but
it's an interesting point that it could realistically look just like
one of those APIs.
- Dave