Skip to main content

B.3.2. HMAC-SHA-2

B.3.2. HMAC-SHA-2

HMAC-SHA-2 refers to the set of HMAC message authentication schemes [NIST198] based on the SHA-2 functions [NIST180]. HMAC-SHA-2 has a variable key length and a message authentication code whose length is based on the hash function chosen (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256) -- that is, 28, 32, 48, or 64 octets.

The object identifiers id-hmacWithSHA224, id-hmacWithSHA256, id-hmacWithSHA384, id-hmacWithSHA512, id-hmacWithSHA512-224, and id-hmacWithSHA512-256 (see Appendix B.1.2) identify the HMAC-SHA-2 schemes. The object identifiers are the same for both the pseudorandom functions and the message authentication schemes; the distinction is to be understood by context. These object identifiers are intended to be employed in the object set PBMAC1-Macs (Appendix A.5).