As we stated in Chapter 7, the message digest by itself does not give us a very high level of security. We can tell whether somehow the output file in this example has been corrupted because the text that we read in won’t produce the same message digest that was saved with the file. But there’s nothing to prevent someone from changing both the text and the digest stored in the file in such a way that the new digest reflects the altered text.
A secure message digest is called a Message Authentication Code (MAC). A MAC has the property that it cannot be created solely from the input data; it requires a secret key that is shared by the sender and receiver. Hence, an intermediate party cannot change both the data and the MAC without the receiver detecting that the data has been corrupted.
There are various ways in which a message digest can be made into a MAC, but the core Java security API does not provide any standard techniques for doing so. However, JCE does provide a class to produce a MAC, and there are simple ways to calculate a MAC on your own.
javax.crypto.Mac) is part of the
Java Cryptography Extension because it
involves a cryptographic operation: a secret key is used to calculate
the message digest. This mean that in order to use the
Mac class, both sender and receiver must agree
upon which secret key to use. As we discussed in Chapter 10, that means the sender and receiver must have previously exchanged and stored ...