A Hashed Message Authentication Code (HMAC) is a cryptographic value used to verify the authenticity and integrity of a message; it is computed over the message with a symmetric key and a hash (message-digest) function. An HMAC can be built on message-digest algorithms such as MD5, SHA-1, SHA-256, etc. Possession of an HMAC value does not expose the sensitive data, because an HMAC cannot be reversed to recover its input.
What is the HMAC key in the StrongKey appliance used for?
The HMAC key in the appliance is a 256-bit key used with the SHA-256 hashing algorithm to create HMACs of sensitive data. The appliance automatically generates a single symmetric HMAC key for each calendar year and uses it to generate HMACs for all sensitive data sent to the appliance during that year. The HMAC is stored in the database along with the other metadata and the ciphertext of the sensitive object.
When data is decrypted (in response to a decryption request), the appliance computes a fresh HMAC over the decrypted data, using the HMAC key that was in effect when the data was encrypted, and compares it with the stored value. A match shows both that the data has not been modified since it was last stored in the database and that the decryption succeeded. Without this check, the appliance would have no way of knowing whether the encrypted object had been modified or corrupted in the database.
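The store-then-verify flow described above, as an added Python example that is not StrongKey's code: a per-year 256-bit HMAC-SHA256 key, an HMAC computed over the plaintext and stored next to the ciphertext, and a decrypt step that recomputes the HMAC with the key of the stored year and compares it in constant time. The cipher used here (HMAC-SHA256 run as a PRF in counter mode to make a keystream) is a stand-in chosen so the example runs with the standard library only; it is an assumption of the example, not the appliance's cipher, as are the record layout and the function names.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

HASH_ALG = "sha256"   # the appliance pairs a 256-bit key with SHA-256
KEY_BYTES = 32        # 256-bit HMAC key


def new_hmac_key() -> bytes:
    """Fresh 256-bit HMAC key; the appliance generates one per calendar year."""
    return secrets.token_bytes(KEY_BYTES)


def compute_hmac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 of data under key (RFC 2104 construction, stdlib implementation)."""
    return hmac.new(key, data, HASH_ALG).digest()


def _keystream_xor(cipher_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher for this example only (assumption, not the appliance's cipher):
    HMAC-SHA256(cipher_key, nonce || counter) used as a PRF to generate a keystream,
    XORed over the data. Encryption and decryption are the same operation."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hmac.new(cipher_key, nonce + counter.to_bytes(8, "big"), HASH_ALG).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class StoredObject:
    """What the database row holds: which year's HMAC key applies, the ciphertext,
    and the HMAC computed over the plaintext before encryption (constructed layout)."""
    year: int
    nonce: bytes
    ciphertext: bytes
    mac: bytes


def encrypt_and_store(hmac_keys: Dict[int, bytes], cipher_key: bytes,
                      year: int, plaintext: bytes) -> StoredObject:
    """HMAC the plaintext with the current year's key, then encrypt and bundle both."""
    mac = compute_hmac(hmac_keys[year], plaintext)
    nonce = secrets.token_bytes(16)
    ciphertext = _keystream_xor(cipher_key, nonce, plaintext)
    return StoredObject(year, nonce, ciphertext, mac)


def decrypt_and_verify(hmac_keys: Dict[int, bytes], cipher_key: bytes,
                       obj: StoredObject) -> Optional[bytes]:
    """Decrypt, recompute the HMAC with the key of the year the object was stored,
    and release the plaintext only if it matches. A mismatch means either the stored
    ciphertext was altered/corrupted or the decryption did not reproduce the original."""
    plaintext = _keystream_xor(cipher_key, obj.nonce, obj.ciphertext)
    expected = compute_hmac(hmac_keys[obj.year], plaintext)
    if not hmac.compare_digest(expected, obj.mac):   # constant-time comparison
        return None
    return plaintext


def demo() -> dict:
    """Walk through the three outcomes a practitioner cares about. Keys and data are
    constructed for this example."""
    hmac_keys = {2023: new_hmac_key(), 2024: new_hmac_key()}
    cipher_key = secrets.token_bytes(KEY_BYTES)
    record = encrypt_and_store(hmac_keys, cipher_key, 2024, b"4111 1111 1111 1111")

    # 1. Untouched record: HMAC matches, plaintext is released.
    ok = decrypt_and_verify(hmac_keys, cipher_key, record)

    # 2. Ciphertext modified in the database: decryption yields different bytes,
    #    the recomputed HMAC no longer matches, nothing is released.
    corrupt = bytearray(record.ciphertext)
    corrupt[0] ^= 0x01
    tampered = StoredObject(record.year, record.nonce, bytes(corrupt), record.mac)
    tampered_result = decrypt_and_verify(hmac_keys, cipher_key, tampered)

    # 3. Wrong year's HMAC key selected: verification also fails.
    wrong_year = StoredObject(2023, record.nonce, record.ciphertext, record.mac)
    wrong_key_result = decrypt_and_verify(hmac_keys, cipher_key, wrong_year)

    return {"roundtrip": ok, "tampered": tampered_result, "wrong_key": wrong_key_result}


if __name__ == "__main__":
    print(demo())
```

Storing the year with the record is what lets the verifier pick the right key after a rotation; the HMAC is computed over the plaintext, so it both detects a corrupted ciphertext and confirms that decryption produced the original bytes, which is the dual purpose the appliance's check serves.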
HMAC: Keyed-Hashing for Message Authentication - RFC 2104
HMAC-MD5 and HMAC-SHA1 Test Vectors, HMAC-SHA1 implementation in C - RFC 2104
US Secure Hash Algorithms (SHA and HMAC-SHA) -- includes an improved SHA-1 implementation as well as SHA-224, SHA-256, SHA-384, and SHA-512 - RFC 4634
The Use of HMAC-MD5-96 within ESP and AH - RFC 2403
The Use of HMAC-SHA-1-96 within ESP and AH - RFC 2404
The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec - RFC 3566
The AES-CBC Cipher Algorithm and Its Use with IPsec - RFC 3602