Does it require HMAC to be hashed after AES encryption?

Is HMAC required after AES encryption? Security discussion

When learning the Go language encryption library, you may notice AES encryption, especially CBC mode, and it is recommended to use HMAC for hash verification. This raises a key question: Do you have to use HMAC after AES encryption?

The answer is: It depends on the situation.

The tips of the Go language standard library emphasize the importance of ciphertext authentication, and it is recommended to use crypto/hmac for hashing to ensure the integrity of the data transmission process and prevent tampering. The receiver verifies the ciphertext by comparing the hash value.

However, the choice of AES encryption mode is crucial. Commonly used modes of AES include CBC and GCM. GCM mode is an AEAD (Authenticated Encryption with Associated Data) mode, which provides both confidentiality and integrity. The GCM encryption process automatically generates authentication tags without additional HMAC processing.

crypto/cipher package of Go provides NewGCM functions to create encryptors in GCM mode. If you use GCM, you don't need HMAC.

However, if you are using AES-CBC mode, since the CBC mode itself does not provide authentication function, it is necessary to combine HMAC to ensure the integrity of the data and prevent the data from being maliciously tampered during transmission.

Summary: HMAC is not necessary when using AES-GCM mode; when using AES-CBC mode, HMAC must be used to ensure data integrity and security. Choosing the appropriate AES mode and deciding whether HMAC is needed based on the mode characteristics is the key to ensuring data security.

The above is the detailed content of Does it require HMAC to be hashed after AES encryption?. For more information, please follow other related articles on the PHP Chinese website!