Hi,
I am creating an internal messaging system. In the system users can communicate with each other and send messages internally. The functionality is working fine and I am using AES encryption for encrypting the message. I am also using SSL for sending the messages. Now I want to implement a message authentication code in the messaging system and I want to make sure that the message body is not tampered with. My logic is that when the user clicks on send message, the message body is encrypted and I create a MAC and send the values while inserting it into the database, and before insertion into the database I again create a MAC from the same posted message body and compare those MAC values. Can anyone tell me whether the logic is correct, or is there any other way I can implement MAC in my system? I really need to implement MAC in the messaging system.
Thanks in advance.

Hi,

I don't know if my suggestion will even make sense logic-wise, but I think it is more clever if you hold on to the MAC and wait for the PDO::lastInsertId(). Once you get that lastInsertId(), you can set this as a boolean response, and then confirm to insert the MAC as an update.

I am assuming here that you are currently using PDO; else, use mysql_insert_id().
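
The scheme described in the question, written as encrypt-then-MAC in PHP (an added example, not code from either poster): the HMAC covers the IV and ciphertext, travels with them into the database row, and is checked with hash_equals() before anything is decrypted. The function names, the AES-256-CBC mode, the separate MAC key and the sample message are assumptions.

```php
<?php
// Added example. seal_message()/open_message() are hypothetical helper names.

function seal_message(string $plaintext, string $encKey, string $macKey): array
{
    $iv = random_bytes(16); // fresh IV per message for AES-256-CBC
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt-then-MAC: the tag covers IV and ciphertext, not the plaintext,
    // and uses a key that is independent of the encryption key.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return ['iv' => $iv, 'ct' => $ct, 'mac' => $mac]; // store all three columns
}

function open_message(array $row, string $encKey, string $macKey): ?string
{
    $expected = hash_hmac('sha256', $row['iv'] . $row['ct'], $macKey, true);
    // Constant-time comparison; reject before attempting to decrypt.
    if (!hash_equals($expected, $row['mac'])) {
        return null; // body, IV or tag was modified, or the key is wrong
    }
    $pt = openssl_decrypt($row['ct'], 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $row['iv']);
    return $pt === false ? null : $pt;
}

// Constructed demo. Real keys come from server-side secret storage,
// never from the request that carries the message.
$encKey = random_bytes(32);
$macKey = random_bytes(32);

$row = seal_message('Meeting moved to 3pm', $encKey, $macKey);
var_dump(open_message($row, $encKey, $macKey));

// Simulate a modified message body: flip one bit of the ciphertext.
$tampered = $row;
$tampered['ct'][0] = chr(ord($tampered['ct'][0]) ^ 1);
var_dump(open_message($tampered, $encKey, $macKey));
```

Storing the tag in the same row as the ciphertext lets the application verify the message each time it is loaded, so a change made in the database is caught as well as one made in transit.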
