2

This might be a very silly question, but I am a total novice in encryption. I don't know where to start searching for an answer to this problem.

I am building applications using a proprietary language developed by my company. I am trying to call a REST service using my application. This REST service is authenticated using HMAC-SHA1 encrypted tokens. By which I mean I have to put a bunch of values together and HMAC-SHA1 encrypt them. Unfortunately my company's language doesn't have APIs for HMAC-SHA1. It only has APIs for AES encryption.

If I use AES to generate my token, will I get the same result as using HMAC-SHA1 APIs to generate a token?

d1str0
  • 348
  • 1
  • 13
Vinod Mohanan
  • 123
  • 1
  • 4

1 Answers1

4

No. HMAC-SHA1 is very different from AES encryption. HMAC-SHA1 is not an encryption algorithm. It is a hashing function.

Wikipedia and other sources are good at explaining what AES, HMAC, and SHA-1 are. In all honestly, you shouldn't be rolling your own crypto and if you know this little about crypto you probably shouldn't be developing this part of the application at all.

d1str0
  • 348
  • 1
  • 13
  • 1
    Thank you for your response. I am definitely not going to role out my own crypto or expand the language to support HMAC-SHA1 because that is not my area of expertise. I just wanted to know since the language only has functions for AES, can it be used to generate a HMAC-SHA1. If it cannot, I can tell people that, I can't do this with features available in the language out of the box. That was my intention. – Vinod Mohanan Mar 08 '16 at 23:13
  • No problem. Unfortunately it is all too common to see people try and recreate common crypto constructions badly. If you would like more resources other than Wikipedia, there are several books on the subject. – d1str0 Mar 08 '16 at 23:15
  • 2
    HMAC-SHA1 is not "a hashing function" either, it is a MAC, which is what this problem seems to call for. – otus Mar 09 '16 at 07:37