Skip to main content

7.1. PBMAC1

7.1. PBMAC1

PBMAC1 combines a password-based key derivation function, which shall be PBKDF2 (Section 5.2) for this version of PKCS #5, with an underlying message authentication scheme (see Appendix B.3 for an example). The key length and any other parameters for the underlying message authentication scheme depend on the scheme.

7.1.1. PBMAC1 Generation Operation

The MAC generation operation for PBMAC1 consists of the following steps, which process a message M under a password P to generate a message authentication code T, applying a selected key derivation function KDF and a selected underlying message authentication scheme:

  1. Select a salt S and an iteration count c, as outlined in Section 4.

  2. Select a key length in octets, dkLen, for the derived key for the underlying message authentication function.

  3. Apply the selected key derivation function to the password P, the salt S, and the iteration count c to produce a derived key DK of length dkLen octets:

    DK = KDF (P, S, c, dkLen)

  4. Process the message M with the underlying message authentication scheme under the derived key DK to generate a message authentication code T.

  5. Output the message authentication code T.

The salt S, the iteration count c, the key length dkLen, and identifiers for the key derivation function and underlying message authentication scheme may be conveyed to the party performing verification in an AlgorithmIdentifier value (see Appendix A.5).

7.1.2. PBMAC1 Verification Operation

The MAC verification operation for PBMAC1 consists of the following steps, which process a message M under a password P to verify a message authentication code T:

  1. Obtain the salt S and the iteration count c.

  2. Obtain the key length in octets, dkLen, for the derived key for the underlying message authentication scheme.

  3. Apply the selected key derivation function to the password P, the salt S, and the iteration count c to produce a derived key DK of length dkLen octets:

    DK = KDF (P, S, c, dkLen)

  4. Process the message M with the underlying message authentication scheme under the derived key DK to verify the message authentication code T.

  5. If the message authentication code verifies, output "correct"; else output "incorrect".

Last updated on