
I need to check the integrity of a high-security system value, in this case the encryption key(s).

I would like to create an HMAC digest of this user encryption key (the key is used in the application as the key for an AES-256 cipher) to check its integrity. The encryption key is derived with a KDF from the user's password and salt after every login into the application. After user registration, I create an integrity HMAC-SHA256 digest of the user's encryption key. This digest IMHO shouldn't need to be kept secret and will be saved with the other user data. While the user is logging in, I create the digest again and compare it with the saved value. If both digests are the same, integrity is confirmed.

This makes me ask: Is it required to keep the key used for HMAC-SHA256 secured, or can I leave it with the other user data (non-secure, "in the open")? When a hypothetical opponent gets the key, is it possible for the opponent to recover the original encryption key from an HMAC-SHA256 digest?

Edit

I'm not sure, because I'm thinking: when an opponent doesn't know the "secret value" (the application encryption key), the opponent is not able to create the same digest, even if he knows the HMAC-SHA256 key. Is that a correct assumption?



My question: Is it required to keep the key for HMAC-SHA256 secured, or can I leave it with the other user data as non-secure?

If your goal is integrity and you use an HMAC, then it is mandatory to keep the key secret. A public key in HMAC would mean anyone can create valid tags for any message, and integrity is gone.

When a hypothetical opponent gets the key, is it possible to restore the original encryption key from the HMAC-SHA256 digest?

No, it should be impossible to find the key from any HMAC value (that would contradict the security definition).

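The scheme from the question and the answer's point about the MAC key, as an added example (not code from the asker or the answerer). It assumes PBKDF2-HMAC-SHA256 as the KDF, a 16-byte salt and a 32-byte MAC key; the `forge_record` function shows why the answer insists the MAC key stay secret: whoever holds it can rewrite the stored record so that a key of their own choosing passes the check, while a wrong password or wrong MAC key fails.

```python
import hashlib
import hmac
import os

# Constructed parameters (assumptions, not from the original post):
# PBKDF2 stands in for "a KDF", 100k iterations keeps the demo quick.
KDF_ITERATIONS = 100_000
SALT_LEN = 16


def derive_key(password: str, salt: bytes) -> bytes:
    """KDF(password, salt) -> 32-byte AES-256 key, re-derived at every login."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)


def make_tag(mac_key: bytes, enc_key: bytes) -> bytes:
    """HMAC-SHA256 integrity tag over the derived encryption key."""
    return hmac.new(mac_key, enc_key, hashlib.sha256).digest()


def register(password: str, mac_key: bytes) -> dict:
    """Create the stored user record: salt and tag. Neither leaks the key,
    since HMAC-SHA256 is not invertible even with a known MAC key."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "tag": make_tag(mac_key, derive_key(password, salt))}


def verify_login(password: str, record: dict, mac_key: bytes) -> bool:
    """Re-derive the key, recompute the tag and compare in constant time."""
    tag = make_tag(mac_key, derive_key(password, record["salt"]))
    return hmac.compare_digest(tag, record["tag"])


def forge_record(new_password: str, mac_key: bytes) -> dict:
    """What a public MAC key buys an attacker who can write to user data:
    a brand-new record whose tag is valid for a key *they* chose, so the
    "integrity" check says nothing about who registered the account."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "tag": make_tag(mac_key, derive_key(new_password, salt))}
```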