Skip to main content

7.1.2. PBMAC1 Verification Operation

7.1.2. PBMAC1 Verification Operation

The MAC verification operation for PBMAC1 consists of the following steps, which process a message M under a password P to verify a message authentication code T:

  1. Obtain the salt S and the iteration count c.

  2. Obtain the key length in octets, dkLen, for the derived key for the underlying message authentication scheme.

  3. Apply the selected key derivation function to the password P, the salt S, and the iteration count c to produce a derived key DK of length dkLen octets:

    DK = KDF (P, S, c, dkLen)
  4. Process the message M with the underlying message authentication scheme under the derived key DK to verify the message authentication code T.

  5. If the message authentication code verifies, output "correct"; else output "incorrect".