10

I want to know: can symmetric keys be used to sign a message? We can encrypt using the shared secret key. Also, when a symmetric key is used for signing, what API can be used in Java to load the key and sign the message?

If I used Signature from java.security, it has an API initSign, but that takes the private key from the public/private key pair as the argument to sign the message. Here the key is a symmetric key.

Any pointers?

NH.
user839917

3 Answers

16

A shared secret key can be used to calculate a Message Authentication Code (MAC), which then can be used to confirm the integrity and authenticity of the message to another party which knows the same shared secret. Unlike digital signatures, which are created using the private key and verified using the public key, MACs do not offer non-repudiation (anyone who can verify the MAC can also generate a MAC for another message).

There are different forms of message authentication codes; probably the most often used variation is HMAC.

Sergey Vlasov
8

Symmetric algorithms can't give the non-repudiation property that asymmetric signature schemes give, i.e. the receiver of a message can't prove that they didn't create the message themselves, as they have to know the scheme.

That said, a message authentication code (MAC) can give you what you want: Both sender and receiver have a shared key, the sender calculates a MAC with the secret and appends it to the message, and the receiver calculates the same MAC and compares it with the received message.

While the most often used MAC type (HMAC) is based on hash functions, there are also ones which are based on a block cipher like AES, like CBC-MAC (this is like CBC, but with zero initialization vector and using only the last block as output). (As said by noloader, CBC-MAC is not the most secure way of doing this, use other modes.)

You should use message authentication in most cases where you use encryption, as many encryption schemes are vulnerable to chosen-plaintext attacks.

In Java, a MAC can be calculated (and checked) by using the javax.crypto.Mac class.

Paŭlo Ebermann
  • CBC-MAC is broken for variable length messages. A CMAC is a CBC-MAC done right. – jww Nov 28 '11 at 18:14
  • Sorry, but I am still not clear. What determines the key size to be used for HMAC? I understand I can use HMAC over CMAC. But the key that I have is AES 128. Can that be used? E.g.: SecretKey key = new SecretKeySpec(key,"AES") – user839917 Nov 28 '11 at 18:56
  • Preferably, you should use a different (independent) key for MAC and encryption, though HMAC is quite likely different enough so using the same key will not give problems. You can use any key length you want for HMAC (up to the hash function's block length) (though I don't know if your implementation supports it), it will simply be padded with zero to the block length of your hash function. Larger keys give more security, though you will not get better than the hash function's output size (= MAC size). – Paŭlo Ebermann Nov 28 '11 at 19:00
  • @PaŭloEbermann: I want to verify the message which is signed by the server using CBCBlockCipherMac, but in Symbian I don't know which class I have to use to generate the CBC MAC key. Does anybody know how to generate a key of this type? – poppy Sep 03 '12 at 06:29
  • @poppy: The MAC key is simply an arbitrary bit string, of the same length as the underlying block cipher key (i.e. 128 bits for AES-128). Use the cryptographic random number generator of your system (I don't know anything about Symbian, so feel free to ask a new question about this). – Paŭlo Ebermann Sep 04 '12 at 07:34
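
An added example, not part of any answer or comment above: computing and checking an HMAC-SHA256 tag with javax.crypto.Mac, loading the shared secret from raw bytes with SecretKeySpec. The class name HmacExample, the helper names loadKey, tag and verify, and the sample messages are constructed for illustration.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

public class HmacExample {
    private static final String ALG = "HmacSHA256";

    // Load a shared secret from raw bytes (for example, read from a key store).
    static SecretKey loadKey(byte[] raw) {
        return new SecretKeySpec(raw, ALG);
    }

    // Compute the authentication tag over the message.
    static byte[] tag(SecretKey key, byte[] message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(key);
        return mac.doFinal(message);
    }

    // Recompute the tag and compare in constant time, so the comparison
    // does not leak how many leading bytes of a forged tag were correct.
    static boolean verify(SecretKey key, byte[] message, byte[] received)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(tag(key, message), received);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample: a fresh random key dedicated to the MAC,
        // kept separate from any encryption key.
        byte[] raw = KeyGenerator.getInstance(ALG).generateKey().getEncoded();
        SecretKey senderKey = loadKey(raw);
        SecretKey receiverKey = loadKey(raw); // the receiver holds the same secret

        byte[] msg = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] t = tag(senderKey, msg);
        System.out.println("tag: " + Base64.getEncoder().encodeToString(t));

        // A modified message must fail verification against the original tag.
        byte[] tampered = "transfer 900 to account 42".getBytes(StandardCharsets.UTF_8);
        System.out.println("original verifies: " + verify(receiverKey, msg, t));
        System.out.println("tampered verifies: " + verify(receiverKey, tampered, t));
    }
}
```

Because both parties hold the same key, a successful verify only tells the receiver that the message came from someone who knows the secret, which includes the receiver.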
1

If you want to sign a message using a symmetric key, you want to use a CMAC based on AES (or 3-key TDEA, or Camellia). CMACs are Message Authentication Codes (MAC) constructed on top of block ciphers. You generally use a CMAC if you are also using AES/3TDEA/Camellia for encryption (i.e., it is handy).

You can also use an HMAC. An HMAC is a Message Authentication Code (MAC) constructed on top of a hash. You would use an HMAC if a hash were already present in the program (i.e., it was handy).

When I have both a Block Cipher and Hash present in the program, I generally use an HMAC because it's faster.

Finally (for completeness), don't use MD5. It's broken (despite what many in the free software world think). SHA-1 is no longer approved for new applications by bodies such as NIST, NESSIE, and ECRYPT. Use the SHA-2 family of hashes, or use Whirlpool.

For the Java-specific stuff, see Java Cryptography Extensions.

jww