Photo by Nerene Grobler on Unsplash

I Know HMAC, But What’s CMAC?

With public-key encryption, we can create a signature where we sign with the private key, and then prove with the public key. Typical methods used are ECDSA and EdDSA. But this is rather heavyweight for signing messages that go back and forth between users. So one method is to use HMAC, and where the users have a shared secret key. This might be pre-arranged and long-term, or could be a short-term session key that they use for just one…