diff options
author | Werner Koch <wk@gnupg.org> | 2003-08-30 10:05:23 +0000 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2003-08-30 10:05:23 +0000 |
commit | 5dc9baf75b3170fe9db9bb4fd78947c26f11fb51 (patch) | |
tree | 0cdb467f35cd189a0bd5e5635dc8ab5a057e09d5 | |
parent | bdcadfca80673ffa2e46f03fa5e85582f24a50cd (diff) | |
download | libgcrypt-5dc9baf75b3170fe9db9bb4fd78947c26f11fb51.tar.gz |
(Working with hash algorithms): Clarified that HMAC
does not work with all algorithms.
-rw-r--r-- | TODO | 3 | ||||
-rw-r--r-- | doc/ChangeLog | 5 | ||||
-rw-r--r-- | doc/gcrypt.texi | 10 |
3 files changed, 14 insertions, 4 deletions
@@ -25,3 +25,6 @@ the asymmetric ciphers could be changed for convenient interaction with the ac interface (i.e. by using ac's `data sets') and the pk interface could be changed to be a wrapper for the ac interface. + +* HMAC won't work with sha-512 due to the different block size. OTOH, + I can imagine no cryptographic reason to use it. diff --git a/doc/ChangeLog b/doc/ChangeLog index 94badb6f..2e8bb93f 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,8 @@ +2003-08-30 Werner Koch <wk@gnupg.org> + + * gcrypt.texi (Working with hash algorithms): Clarified that HMAC + does not work with all algorithms. + 2003-07-30 Moritz Schulte <moritz@g10code.com> * gcrypt.texi (Available asymmetric algorithms): Mention diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 8a869d5c..e3f103c9 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1689,10 +1689,12 @@ Allocate all buffers and the resulting digest in "secure memory". Use this is the hashed data is highly confidential. @item GCRY_MD_FLAG_HMAC -Turn the algorithm into a HMAC message authentication algorithm. Note -that the function @code{gcry_md_setkey} must be used set the MAC key. -If you want CBC message authentication codes based on a cipher, see -@xref{Working with cipher handles}. +Turn the algorithm into a HMAC message authentication algorithm. This +does only work if just one algorithm is enabled for the handle and +SHA-384 and SHA512 is not used. Note that the function +@code{gcry_md_setkey} must be used set the MAC key. If you want CBC +message authentication codes based on a cipher, see @xref{Working with +cipher handles}. @end table @c begin table of hash flags |