I am creating an internal messaging system. In the system, users can communicate with each other and send messages internally. The functionality is working fine and I am using AES encryption for encrypting the message. I am also using SSL for sending the messages. Now I want to implement a message authentication code in the messaging system, and I want to make sure that the message body is not tampered with. My logic is that when the user clicks on send message, the message body is encrypted and I create a MAC and send the values while inserting it into the database, and before insertion into the database I again create a MAC from the same posted message body and compare those MAC values. Can anyone tell me whether the logic is correct, or is there any other way I can implement a MAC in my system? I really need to implement a MAC in the messaging system.
Thanks in advance.



I don't know if my suggestion will even make sense logic-wise, but I think it is more clever if you hold on to the MAC and wait for the PDO::lastInsertId(). Once you get that lastInsertId(), you can set this as a boolean response, and then confirm to insert the MAC as an update.

I am assuming here that you are currently using PDO; else, use mysql_insert_id().

Edited by veedeoo: info added
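
The compare-before-insert check described in the question, as an added example that is not part of the original thread: the MAC is computed over the IV and ciphertext with a secret key, then recomputed and compared in constant time before the message is accepted. AES-256-CBC, HMAC-SHA256, the function names `seal_message` and `open_message`, and the inline-generated keys are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed for illustration: two independent 32-byte keys, generated here so the
// example runs stand-alone. In a real system they come from secure key storage.
$encKey = random_bytes(32);
$macKey = random_bytes(32);

/** Encrypt the body, then MAC the IV and ciphertext (encrypt-then-MAC). */
function seal_message(string $body, string $encKey, string $macKey): array
{
    $iv = random_bytes(16); // AES block size; a fresh IV for every message
    $ct = openssl_encrypt($body, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The MAC covers the IV as well, so neither part can be swapped unnoticed.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return ['iv' => $iv, 'ct' => $ct, 'mac' => $mac];
}

/** Recompute the MAC and compare in constant time; decrypt only on a match. */
function open_message(array $msg, string $encKey, string $macKey): ?string
{
    $expected = hash_hmac('sha256', $msg['iv'] . $msg['ct'], $macKey, true);
    if (!hash_equals($expected, $msg['mac'])) {
        return null; // IV, ciphertext or MAC was altered: reject without decrypting
    }
    $pt = openssl_decrypt($msg['ct'], 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $msg['iv']);
    return $pt === false ? null : $pt;
}

// Constructed sample message: an untouched record verifies and decrypts.
$sealed = seal_message('Meeting moved to 3pm', $encKey, $macKey);
var_dump(open_message($sealed, $encKey, $macKey));

// Flip one bit of the stored ciphertext to simulate tampering: it is rejected.
$tampered = $sealed;
$tampered['ct'][0] = chr(ord($tampered['ct'][0]) ^ 0x01);
var_dump(open_message($tampered, $encKey, $macKey));
```

The binary `iv`, `ct` and `mac` values can be stored in BLOB columns or encoded with `base64_encode()` before insertion.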
