Message authentication plays an important role in identity authentication and is an important part of the authentication system. It is widely used in financial and commercial systems.
Message authentication code (Message Authentication Code, or MAC) is commonly used as the basis for authentication.
The basic principle is: use a key (private key) to generate a small data block and append it to the message to be transmitted. This technology assumes that both communicating parties share a key K. When one communicating party wants to transmit data M to the other party, the MAC of the message M is calculated through a specific algorithm = F (K, M), where F is Refers to the authentication operation function, and then the message data M and MAC are sent to the other party together. When the other party receives the data, it first uses the same algorithm F to calculate the MAC and compares it with the transmitted MAC. If it is the same, the data is considered correct. The authentication function is often considered to be a type of encryption algorithm, but the difference is that it is not used for inverse operations and has a certain degree of security. Usually, different application systems use their own specific authentication functions, which ensures data security to a certain extent.
From j2sdk1.4 onwards, Java provides javax.crypto.Mac class message authentication.
view plaincopy to clipboardprint?
byte[] macData = "this is a mac test".getBytes(); //get an instance of Mac, using HmacMD5 algorithm
Mac mac = Mac.getInstance("HmacMD5"); //init the IV of the algorithm, 8 bytes. may read from file
byte[] ivInitKey = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 };
IvParameterSpec spec = new IvParameterSpec(ivInitKey); // the secrete key bytes of the Mac validation, May read from file too
byte[] keyBytes = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }; //generate the secrete Key Object using secrete bytes and DESede algorithm
SecretKey key = new SecretKeySpec(keyBytes, "DESede"); // init Mac mac.init(key, spec);
byte[] macCode = mac.doFinal(macData);
byte[] macData = "this is a mac test".getBytes(); //get an instance of Mac, using HmacMD5 algorithm
Mac mac = Mac.getInstance("HmacMD5"); //init the IV of the algorithm, 8 bytes. may read from file
byte[] ivInitKey = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 };
IvParameterSpec spec = new IvParameterSpec(ivInitKey); // the secrete key bytes of the Mac validation, May read from file too
byte[] keyBytes = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }; //generate the secrete Key Object using secrete bytes and DESede algorithm
SecretKey key = new SecretKeySpec(keyBytes, "DESede"); // init Mac mac.init(key, spec);
byte[] macCode = mac.doFinal(macData);
macCode is the generated Mac, and the same mac can be generated with the same key.
As long as the communicating parties ensure that they use the same key, they can ensure that they get the same Mac to achieve the purpose of message verification.
It seems that this is the same principle as the checksum commonly used on the Internet.
-