0 votes
Hello,

I’m trying to understand how HMAC truncation works exactly: Does the digest (hash) of the XML data get truncated before computing the HMAC? Or do we compute the HMAC over the full digest and then use the truncated HMAC as the signature?

Thanks in advance!
in General/Lecture/Exam by

1 Answer

0 votes
The latter is correct. Whether we have a public-key signature or a symmetric-key HMAC does not change the process of creating the SignedInfo element that is used as an input to the “signature”. So SignedInfo and, thus, the Digest are computed as normal (according to the DigestMethod); this XML is then canonicalized and used as an input to the signature function [1, 2]. This also means that the hash for the HMAC and for the digest can be different.

The HMAC itself can then be truncated [3]. So it is the final “signature” that is being truncated.

[1]: https://www.w3.org/TR/xmldsig-core2/#sec-SignatureGeneration
[2]: https://www.w3.org/TR/xmldsig-core2/#sec-ReferenceGeneration-2.0
[3]: https://www.w3.org/TR/xmldsig-core2/#sec-MACs
by (2.3k points)
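A worked version of the process the answer describes, as an added example that is not part of the original thread and not code from the W3C specification: the reference digest is computed in full over the data and placed in DigestValue, the HMAC is computed over the canonical SignedInfo, and only the final MAC is truncated to HMACOutputLength bits. Canonicalization is assumed to have already been applied (the SignedInfo is written directly in canonical form, so no namespace or whitespace normalization happens here); the sample data, key and all function names are constructed for this example. The verifier reads HMACOutputLength from the SignedInfo it is checking and rejects values below a floor, because a very short truncation weakens the check regardless of the key.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample input and shared secret (not from the original post).
DATA = b"<Payment><Amount>100</Amount><To>alice</To></Payment>"
KEY = b"constructed-shared-secret-key"

HASH_BITS = 256      # output length of SHA-256, the hash used for the HMAC
MIN_OUTPUT_BITS = 80  # floor enforced by the verifier below (assumption for this example)


def digest_value(data: bytes) -> str:
    """Reference digest: hash the referenced data in full (DigestMethod = SHA-256)
    and base64-encode it. Nothing is truncated at this step."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def build_signed_info(data: bytes, output_length: int) -> bytes:
    """Assemble SignedInfo in canonical form. The untruncated digest goes into
    DigestValue; HMACOutputLength announces how many bits of the MAC are kept.
    Empty elements are written as start/end pairs, as C14N would emit them."""
    return (
        '<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
        '<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">'
        '</CanonicalizationMethod>'
        '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256">'
        f'<HMACOutputLength>{output_length}</HMACOutputLength>'
        '</SignatureMethod>'
        '<Reference URI="">'
        '<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>'
        f'<DigestValue>{digest_value(data)}</DigestValue>'
        '</Reference>'
        '</SignedInfo>'
    ).encode()


def full_hmac(key: bytes, signed_info: bytes) -> bytes:
    """HMAC-SHA256 over the canonical SignedInfo bytes (the "signature function")."""
    return hmac.new(key, signed_info, hashlib.sha256).digest()


def truncated_hmac(key: bytes, signed_info: bytes, output_length: int) -> bytes:
    """Compute the full MAC, then keep only the leftmost output_length bits.
    This truncated value is what goes into SignatureValue."""
    mac = full_hmac(key, signed_info)
    nbytes = (output_length + 7) // 8
    out = bytearray(mac[:nbytes])
    spare_bits = nbytes * 8 - output_length
    if spare_bits:
        # Zero the low-order bits of the last byte that fall outside the length.
        out[-1] &= (0xFF << spare_bits) & 0xFF
    return bytes(out)


def verify(key: bytes, data: bytes, signed_info: bytes, signature_value: bytes) -> bool:
    """Verifier side: check the reference digest, then recompute and compare the
    truncated MAC. HMACOutputLength is taken from the SignedInfo under test."""
    text = signed_info.decode()
    m = re.search(r"<HMACOutputLength>(\d+)</HMACOutputLength>", text)
    output_length = int(m.group(1)) if m else HASH_BITS
    # Reject truncations that are too short to provide a meaningful check.
    if output_length < max(MIN_OUTPUT_BITS, HASH_BITS // 2) or output_length > HASH_BITS:
        return False
    dv = re.search(r"<DigestValue>([^<]+)</DigestValue>", text)
    if dv is None or dv.group(1) != digest_value(data):
        return False  # referenced data does not match the digest in SignedInfo
    expected = truncated_hmac(key, signed_info, output_length)
    return hmac.compare_digest(expected, signature_value)


if __name__ == "__main__":
    si = build_signed_info(DATA, 128)
    sig = truncated_hmac(KEY, si, 128)
    print("SignedInfo:", si.decode())
    print("SignatureValue (truncated to 128 bits):", base64.b64encode(sig).decode())
    print("verifies:", verify(KEY, DATA, si, sig))
```

The point to take from the code is the order of operations: `digest_value` is never shortened, `full_hmac` runs over the whole canonical SignedInfo (which itself contains the DigestValue and the HMACOutputLength), and truncation is the last step. Because HMACOutputLength sits inside the MAC'd bytes, an honest signer's choice is protected, but the verifier still has to enforce a minimum length on its own, since the check is what protects everything else.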