Message authentication codes (Windows Store apps)
Encryption helps prevent an unauthorized individual from reading a message, but it does not prevent that individual from tampering with the message. An altered message, even if the alteration results in nothing but nonsense, can have real costs. A message authentication code (MAC) helps prevent message tampering. For example, consider the following scenario:
- Bob and Alice share a secret key and agree on a MAC function to use.
- Bob creates a message and inputs the message and the secret key into a MAC function to retrieve a MAC value.
- Bob sends the [unencrypted] message and the MAC value to Alice over a network.
- Alice uses the secret key and the message as input to the MAC function. She compares the generated MAC value to the MAC value sent by Bob. If they are the same, the message was not changed in transit.
Note that Eve, a third party eavesdropping on the conversation between Bob and Alice, cannot effectively manipulate the message. Eve does not have access to the private key and cannot, therefore, create a MAC value which would make the tampered message appear legitimate to Alice.
Creating a message authentication code ensures only that the original message was not altered and, by using a shared secret key, that the message hash was signed by someone with access to that private key.
You can use the MacAlgorithmProvider to enumerate the available MAC algorithms and generate a symmetric key. You can use static methods on the CryptographicEngine class to perform the necessary encryption that creates the MAC value.
Digital signatures are the public key equivalent of private key message authentication codes (MACs). Although MACs use private keys to enable a message recipient to verify that a message has not been altered during transmission, signatures use a private/public key pair.