Encrypt-then-MAC - add HMAC-SHA256 for authenticated encryption

The existing protocol use **AES-256-CBC** with **PKCS7** padding but no message authentication, making it vulnerable to **CBC** padding oracle attacks.

Changes:
- Add HMAC-SHA256 computation over (IV + ciphertext) for Encrypt-then-MAC
- Responses always include the Hmac field for clients that support it
- Requests with Hmac field are verified before decryption (fail-fast)
- Requests without Hmac field still work (backward compatible)
- Add constant-time comparison to prevent timing side-channel attacks
- Add Hmac field to `BaseRequest` and `BaseResponse` models

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Encrypt-then-MAC - add HMAC-SHA256 for authenticated encryption #39

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Encrypt-then-MAC - add HMAC-SHA256 for authenticated encryption #39

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions