0

I use AES-128bit to encrypt files and I want to compute a HMAC for each one of the encrypted files to ensure their integrity.

Can I use directly the AES KEY to compute HMAC or should I used a derived form (eg. PBKDF2 sha256) ? In other words I wonder if the HMAC can facilitate the recovery of the AES key or not...

Thank you in advance. Best regards

mad
  • 103
  • 1
  • Related: [Why can't I use the same key for encryption and MAC?](http://security.stackexchange.com/questions/37880/why-cant-i-use-the-same-key-for-encryption-and-mac) and [Using the same secret key for encryption and authentication in a Encrypt-then-MAC scheme](http://crypto.stackexchange.com/questions/8081/using-the-same-secret-key-for-encryption-and-authentication-in-a-encrypt-then-ma) on crypto.SE. – CodesInChaos Nov 14 '13 at 08:54

1 Answers1

1

In general, the advice is always to use two unique keys for two distinct functions. The main reason is for separation of responsibilities.

Consider that your senior executives may have a very sensitive file that talks about an upcoming business deal. It needs to be encrypted so that only the other executives can read it.

However, you may need to ask a system administrator, security reviewer, or arbitrator to periodically authenticate or monitor the integrity of the files. If they're both using the same key, you can't separate those duties.

John Deters
  • 33,650
  • 3
  • 57
  • 110