1

I understand the HMAC with SHA256 example provides a set of keys: (https://github.com/Cathedrow/Cryptosuite/blob/master/Sha/examples/hmacsha256test/hmacsha256test.pde)

#include "sha256.h"
uint8_t hmacKey1[]={
 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b
};
uint8_t hmacKey2[]={
 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19
};
...

I did a bit research and have a sense that these keys are in hexadecimal form with 0x added as prefix. If I like to use my own key, like a string, abece123*, do I just convert the key string to hex?

I tried to use this site below to convert above hmacKey2 to see what the key may look like. But the result is not recognizable. Here's what I did: copy and past

0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
0x0f,0x10,0x11,0x12,0x13,0x14, 0x15,0x16,0x17,0x18,0x19

to the site below to convert to string. https://codebeautify.org/hex-string-converter

I am very new to this field. Please help me understand how these key works and and the steps needed to replace one of the preset hmac keys with my own key string (e.g. abece123*). Thanks.

asked May 4, 2019 at 13:34

1 Answer 1

1

Those are examples for keys. You need one key and you can choose any text with any length.

Did you see this line in the example:

sha.initHmac((uint8_t*)"Jefe",4);

It uses the key "Jefe" with a length of 4.
You can use your own key, but you also need the length.

char myKey[] = "abece123*";
int length = strlen(myKey);
sha.initHmac((uint8_t*)myKey, length);
answered May 4, 2019 at 14:15
4
  • Yes, I also found this later. Thanks for your attention. Commented May 4, 2019 at 14:42
  • Now that we know your key, don't use "abece123*" anymore. You can for example use a full sentence, something that you can remember and is long (for example more than than 20 bytes). Commented May 4, 2019 at 15:23
  • Yep, that will be my next thing to consider. And there's some discussion here: security.stackexchange.com/questions/95972/… . I will use a password generator to do that. Although I couldn't tell how secure it is as there's no tool to test if it can be hacked. Commented May 4, 2019 at 18:50
  • Sometimes I make up a fairy tale story that is completely different from other passwords. For example: "once upon a time there was a blue moon that ate cookies", with or without capitals and with or without spaces. Commented May 4, 2019 at 22:39

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.