Products
 PRODUCTS Lixus Punic Fenike
Dispatch Efficity Splash Ekho
Ko-pilot Seafront Knit View All Products >>
Solutions
 SOLUTIONS Next Generation Marketing
Next Generation Commerce
Consultancy View All Solutions >>
Customers
Industries
INDUSTRIES   Retail   Consumer Goods   Technology, Media, Telecom   Leisure & Hospitality   Manufacturing   Financial Services   Public Sector
Partners
PARTNERS   Google Cloud   Google Workspace   Google for Education   Looker   Mandiant   HeadSpin
Us
ABOUT US   About Us   Values   Group Companies   Press
CAREER   The Way We Work   Technologies   Working at Kartaca   “Rise Through The Ranks” Program
Contact TR

Golang HMAC Authentication


What is HMAC?

HMAC is an algorithm used to ensure message integrity and authentication. HMAC uses a key to process the message and processes the message and key using a hash function. The processed data outputs a code.
HMAC is used to verify if the original message has been modified. It can also be used to authenticate the message using the correct key.


How does the HMAC algorithm work?


The HMAC algorithm works in two stages:


Combining the key and the message: First of all, it is necessary to combine the key and the message for which the HMAC algorithm will be used. This action is done to prevent the message from being changed. Combining key and message is combined with two fixed values called ipad and opad. The ipad constant is created by repeating the 0x36 byte value. The opad constant is generated by repeating the 0x5c byte value. These two values are used to combine the key and the message.


Using the hash function: In the second step, after the ipad and opad constants are used to combine the key and the message, the processed data is obtained using a hash function. The HMAC algorithm can use different hash functions, but usually, SHA-256 or SHA-512 is used. The hash function generates a code by working on the processed data. This code is used to verify the authenticity of the message and to authenticate the message.


Which hash function does the HMAC algorithm use?

 

HMAC can use various hash functions such as MD5, SHA-1, SHA-256, SHA-384, and SHA-512 as hash functions. Among them, the most widely used are SHA-256 and SHA-512.


What are the advantages and disadvantages of the HMAC algorithm?

 

Advantages
• HMAC provides both message integrity and authentication.
• HMAC can use various hash functions and modify them to make them more secure.
• HMAC is very fast and efficient.


Disadvantages
• HMAC requires the key to be shared, so it is necessary to store the key securely.
• HMAC can be easily predictable at times.


Example of HMAC Middleware with Golang

 

The code that appears above defines a middleware function called hmacMiddleware. This function takes a key parameter called secretKey and performs an HMAC operation using that key. This HMAC value is then appended to the HTTP request header.
Using the router.Use method, the hmacMiddleware function is used as a middleware provided by gin. This middleware works on the GET request to the /message URL and validates the HMAC value. If the HMAC value is not correct, the HTTP response 401 Unauthorized is returned.


The submitForm function encrypts it with data and key parameters and adds it as a header.


In this blog post, we examined the advantages and disadvantages of HMAC, how it works, and examples on Golang. The advantages of HMAC include greater reliability in terms of security, flexibility, portability, and performance. Among the disadvantages of HMAC are issues such as key management and key length. I hope it was enjoyable and useful ❤


Sources:

HMAC (Hash-Based Message Authentication Codes) Definition | Okta
HMAC ipad and opad choice | Cryptography
HMAC | Wikipedia
HMAC | Documentation

TL;DR

What is HMAC?

HMAC is an algorithm used to ensure message integrity and authentication. HMAC uses a key to process the message and processes the message and key using a hash function. The processed data outputs a code. HMAC is used to verify if the original message has been modified. It can also be used to authenticate the message using the correct key.

How does the HMAC algorithm work?

The HMAC algorithm works in two stages: 1. Combining the key and the message: First of all, it is necessary to combine the key and the message for which the HMAC algorithm will be used. This action is done to prevent the message from being changed. Combining key and message is combined with two fixed values called ipad and opad. The ipad constant is created by repeating the 0x36 byte value. The opad constant is generated by repeating the 0x5c byte value. These two values are used to combine the key and the message. 2. Using the hash function: In the second step, after the ipad and opad constants are used to combine the key and the message, the processed data is obtained using a hash function. The HMAC algorithm can use different hash functions, but usually, SHA-256 or SHA-512 is used. The hash function generates a code by working on the processed data. This code is used to verify the authenticity of the message and to authenticate the message.

Which hash function does the HMAC algorithm use?

HMAC can use various hash functions such as MD5, SHA-1, SHA-256, SHA-384, and SHA-512 as hash functions. Among them, the most widely used are SHA-256 and SHA-512.


Author: Baran Can Atbaş

Published on: Apr 12, 2023

 

Similar Posts

Golang HMAC Authentication

Apr 12, 2023 | Golang

Pub/Sub Pattern in Golang

Apr 7, 2023 | Golang

Popular Posts

Inspiring Quotes for Software Developers

Jun 12, 2020 | Programming

Web Scraping Automation with Google Cloud Services

Nov 30, 2023 | Cloud

K3S Kubernetes Cluster Setup with K3D

Jul 13, 2021 | DevOps

The Language of the Changing World: VUCA and BANI

Jun 28, 2022 | Digital Marketing

Components of OpenStack

Dec 7, 2017 | Cloud
Show More Popular Posts >> Hide Popular Posts >>

Topics

All Agile Methodology AI and ML (6) Android Anthos Application Modernization B2B Marketing (5) Bamboo C++ Chef ClickHouse Cloud (36) Cloud Migration (9) Consumer Goods Data Analytics (14) Database (3) DevOps (12) Digital Marketing (9) Digital Native Businesses (2) Disaster Recovery Django (2) E-Commerce (5) Education Energy Sector Financial Services Flutter Gaming Git Golang (2) Google Cloud (6) Healthcare Helm History of Development (2) HR Practices (5) Hybrid and Multi Cloud (6) Industry Cloud (11) IT JavaScript Kubernetes (5) Leisure and Hospitality Linux (6) Logistics and Supply Chain Loyalty Marketing (4) Machine Learning (2) Manufacturing MariaDB Mobile App Development (2) MySQL Open Source (28) OpenStack (4) Payment Systems (2) PostgreSQL Programming (2) Project Methodologies Public Sector Python (7) Recruitment (5) Resilience Retail (5) Rise Through The Ranks Security (3) Selenium (2) SMBs (2) Sustainability (3) System Architecture (3) Tech Stack (26) Technology, Media, Telecom Terraform Testing (4) Transportation Version Control Women in STEM (3)
Show More Topics >> Hide Topics >>