Golang HMAC Authentication

What is HMAC?
HMAC is an algorithm used to ensure message integrity and authentication. HMAC uses a key to process the message and processes the message and key using a hash function. The processed data outputs a code. HMAC is used to verify if the original message has been modified. It can also be used to authenticate the message using the correct key.
How does the HMAC algorithm work?

The HMAC algorithm works in two stages:
Combining the key and the message: First of all, it is necessary to combine the key and the message for which the HMAC algorithm will be used. This action is done to prevent the message from being changed. Combining key and message is combined with two fixed values called ipad and opad. The ipad constant is created by repeating the 0x36 byte value. The opad constant is generated by repeating the 0x5c byte value. These two values are used to combine the key and the message.
Using the hash function: In the second step, after the ipad and opad constants are used to combine the key and the message, the processed data is obtained using a hash function. The HMAC algorithm can use different hash functions, but usually, SHA-256 or SHA-512 is used. The hash function generates a code by working on the processed data. This code is used to verify the authenticity of the message and to authenticate the message.
Which hash function does the HMAC algorithm use?
HMAC can use various hash functions such as MD5, SHA-1, SHA-256, SHA-384, and SHA-512 as hash functions. Among them, the most widely used are SHA-256 and SHA-512.
What are the advantages and disadvantages of the HMAC algorithm?
Advantages • HMAC provides both message integrity and authentication. • HMAC can use various hash functions and modify them to make them more secure. • HMAC is very fast and efficient.
Disadvantages • HMAC requires the key to be shared, so it is necessary to store the key securely. • HMAC can be easily predictable at times.
Example of HMAC Middleware with Golang

The code that appears above defines a middleware function called hmacMiddleware. This function takes a key parameter called secretKey and performs an HMAC operation using that key. This HMAC value is then appended to the HTTP request header. Using the router.Use method, the hmacMiddleware function is used as a middleware provided by gin. This middleware works on the GET request to the /message URL and validates the HMAC value. If the HMAC value is not correct, the HTTP response 401 Unauthorized is returned.

The submitForm function encrypts it with data and key parameters and adds it as a header.
In this blog post, we examined the advantages and disadvantages of HMAC, how it works, and examples on Golang. The advantages of HMAC include greater reliability in terms of security, flexibility, portability, and performance. Among the disadvantages of HMAC are issues such as key management and key length. I hope it was enjoyable and useful ❤
Sources:
TL;DR
What is HMAC?
How does the HMAC algorithm work?
Which hash function does the HMAC algorithm use?
HMAC can use various hash functions such as MD5, SHA-1, SHA-256, SHA-384, and SHA-512 as hash functions. Among them, the most widely used are SHA-256 and SHA-512.
Author: Baran Can Atbaş
Published on: Apr 12, 2023
