没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
FIPS PUB 198
FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION
The Keyed-Hash Message Authentication Code
(HMAC)
CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8900
Issued March 6, 2002
U.S. Department of Commerce
Donald L. Evans, Secretary
Technology Administration
Philip J. Bond, Under Secretary
National Institute of Standards and Technology
Arden L. Bement, Jr., Director
ii
Foreword
The Federal Information Processing Standards Publication Series of the National Institute
of Standards and Technology (NIST) is the official series of publications relating to
standards and guidelines adopted and promulgated under the provisions of Section 5131
of the Information Technology Management Reform Act of 1996 (Public Law 104-106)
and the Computer Security Act of 1987 (Public Law 100-235). These mandates have
given the Secretary of Commerce and NIST important responsibilities for improving the
utilization and management of computer and related telecommunications systems in the
Federal government. The NIST, through its Information Technology Laboratory,
provides leadership, technical guidance, and coordination of government efforts in the
development of standards and guidelines in these areas.
Comments concerning Federal Information Processing Standards Publications are
welcomed and should be addressed to the Director, Information Technology Laboratory,
National Institute of Standards and Technology, 100 Bureau Drive, Stop 8900,
Gaithersburg, MD 20899-8900.
William Mehuron, Director
Information Technology
Laboratory
Abstract
This standard describes a keyed-hash message authentication code (HMAC), a
mechanism for message authentication using cryptographic hash functions. HMAC can
be used with any iterative Approved cryptographic hash function, in combination with a
shared secret key. The cryptographic strength of HMAC depends on the properties of the
underlying hash function. The HMAC specification in this standard is a generalization of
Internet RFC 2104, HMAC, Keyed-Hashing for Message Authentication, and ANSI
X9.71, Keyed Hash Message Authentication Code.
Keywords: computer security, cryptography, HMAC, MAC, message authentication,
Federal Information Processing Standard (FIPS).
iii
Federal Information Processing Standards Publication 198
2002 March 6
Announcing the Standard for
The Keyed-Hash Message Authentication Code (HMAC)
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the
National Institute of Standards and Technology (NIST) after approval by the Secretary of
Commerce pursuant to Section 5131 of the Information Technology Management Reform
Act of 1996 (Public Law 104-106) and the Computer Security Act of 1987 (Public Law
100-235).
1. Name of Standard. Keyed-Hash Message Authentication Code (HMAC) (FIPS
PUB 198).
2. Category of Standard. Computer Security Standard. Subcategory. Cryptography.
3. Explanation. This standard specifies an algorithm for applications requiring message
authentication. Message authentication is achieved via the construction of a message
authentication code (MAC). MACs based on cryptographic hash functions are known as
HMACs.
The purpose of a MAC is to authenticate both the source of a message and its integrity
without the use of any additional mechanisms. HMACs have two functionally distinct
parameters, a message input and a secret key known only to the message originator and
intended receiver(s). Additional applications of keyed-hash functions include their use in
challenge-response identification protocols for computing responses, which are a function
of both a secret key and a challenge message.
An HMAC function is used by the message sender to produce a value (the MAC) that is
formed by condensing the secret key and the message input. The MAC is typically sent to
the message receiver along with the message. The receiver computes the MAC on the
received message using the same key and HMAC function as was used by the sender, and
compares the result computed with the received MAC. If the two values match, the
message has been correctly received, and the receiver is assured that the sender is a
member of the community of users that share the key.
The HMAC specification in this standard is a generalization of HMAC as specified in
Internet RFC 2104, HMAC, Keyed-Hashing for Message Authentication, and ANSI
X9.71, Keyed Hash Message Authentication Code.
4. Approving Authority. Secretary of Commerce.
iv
5. Maintenance Agency. Department of Commerce, National Institute of Standards
and Technology, Information Technology Laboratory (ITL).
6. Applicability. This standard is applicable to all Federal departments and agencies for
the protection of sensitive unclassified information that is not subject to section 2315 of
Title 10, United States Code, or section 3502(2) of Title 44, United States Code. This
standard shall be used in designing, acquiring and implementing keyed-hash message
authentication techniques in systems that Federal departments and agencies operate or
which are operated for them under contract. The adoption and use of this standard is
available on a voluntary basis to private and commercial organizations.
7. Specifications. Federal Information Processing Standard (FIPS) 198, Keyed-Hash
Message Authentication Code (HMAC) (affixed).
8. Implementations. The authentication mechanism described in this standard may be
implemented in software, firmware, hardware, or any combination thereof. NIST has
developed a Cryptographic Module Validation Program that will test implementations for
conformance with this HMAC standard. Information on this program is available at
http://csrc.nist.gov/cryptval/.
Agencies are advised that keys used for HMAC applications should not be used for other
purposes.
9. Other Approved Security Functions. HMAC implementations that comply with this
standard shall employ cryptographic algorithms, cryptographic key generation algorithms
and key management techniques that have been approved for protecting Federal
government sensitive information. Approved cryptographic algorithms and techniques
include those that are either:
a. specified in a Federal Information Processing Standard (FIPS),
b. adopted in a FIPS or NIST Recommendation and specified either in an appendix to
the FIPS or NIST Recommendation or in a document referenced by the FIPS or
NIST Recommendation, or
c. specified in the list of Approved security functions for FIPS 140-2.
10. Export Control. Certain cryptographic devices and technical data regarding them
are subject to Federal export controls. Exports of cryptographic modules implementing
this standard and technical data regarding them must comply with these Federal
regulations and be licensed by the Bureau of Export Administration of the U.S.
Department of Commerce. Applicable Federal government export controls are specified
in Title 15, Code of Federal Regulations (CFR) Part 740.17; Title 15, CFR Part 742; and
Title 15, CFR Part 774, Category 5, Part 2.
11. Implementation Schedule. This standard becomes effective on September 6, 2002.
剩余19页未读,继续阅读
资源评论
- lxinxie2012-11-13很全面,很感谢!
littlelucky
- 粉丝: 0
- 资源: 24
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功