Long time reader, first time poster. And I start with quite a cryptic one!

What I'm seeking to do is encrypt a string with the SHA-256 algorithm, and hash it with a key.

I discovered someone had done some excellent work in creating an algorithm for "normal" SHA-2 encryption as a stored function at: http://blog.darkrainfall.org/sha-256-in-mysql/ which will probably be of help to others, but I need to be able to do it with a key.

Anyone know if this is possible? I'm a complete newbie to encryption, I'm afraid.

I'm using MySQL 5.1 on Windows 2003 server.

Cheers.

A: 

It is a little unclear what your end goal is, but the SHA implementation you referenced should be able to do the hashing you desired. One meaning of "hashing something with a key" for message authentication might be that you take a secret key and prepend it to data and then hash the entire result. The ever-useful Wikipedia has some information on HMAC.

Note that hashing is not encryption. The question seems to imply that hashing something is the same as encrypting it. A hash, though, takes some data and runs it through a data blender and produces a (typically) fixed length chunk of data. With a cryptographically strong hash function, it is supposed to be impossible (from a practical standpoint) to find an input that results in a given hash value. Encryption, on the other hand, takes a key and a chunk of data and runs it through a data blender and produces a chunk of data that can then be "unblended" in conjunction with the original key to produce the original data.

Mark Wilkins
Just a note. Hashing with a key does *not* necessarily mean prepending the hashable with the key. Typically, salted hashing involves prepending the hashable with the salt. HMAC is a function taking, as arguments, a hash algorithm and a key, and returning a new hash algorithm. This new hash algorithm will transform the hashable with the key via a more complex, and more secure, mechanism.
Justice
@Justice - That is true. I was simplifying with one possible scenario. I'll try to update it to be more accurate.
Mark Wilkins
Wow, that was quick. Sorry I was wondering if I was being clear and you've put me right! I want to be able to do something like this in a SQL statement: `SELECT hash_hmac('sha256', '$variable', '$key') as hashed_response` I know I can do the sha-256 with the stored function I mentioned, but I wondered how I might go about extending it to HMAC. Although from what you're saying above, the script although it shares the right encryption may be a non-starter for what I'm trying to do. I've only been working on this for 24 hours, so be gentle with me!
Dave
Write your own `hash_hmac_sha256` which implements a HMAC over SHA-256.
Justice
OK... that's really what I was asking. I guess I'm a little out of my depth. Is there anywhere you can point me where I can start working out how to write this? I'm getting to grips with the SHA-256 stored function, but should I be starting from there at all, or starting from scratch? I might have bitten off more than I can chew...
Dave
@Dave, I think Justice gave you the right idea. Just write a function that accepts the same inputs as the SHA function you referenced plus a key. Combine the key and the data into one chunk and call the SHA function and return the result.
Mark Wilkins
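
The HMAC construction mentioned in the comments, written out as an added example (not code from this thread or from the linked blog post): HMAC-SHA256 per RFC 2104 built from nothing but a plain SHA-256 call, which is the same sequence of steps a stored function wrapping an existing SHA-256 function would follow. The function names are illustrative, `sha256()` stands in for that stored function, and the expected value is the published test case 2 from RFC 4231.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks

# Published test case 2 from RFC 4231 (not a value from this page).
RFC4231_KEY = b"Jefe"
RFC4231_MSG = b"what do ya want for nothing?"
RFC4231_MAC = "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"


def sha256(data: bytes) -> bytes:
    """Plain SHA-256; stands in for the existing stored function (assumption)."""
    return hashlib.sha256(data).digest()


def hmac_sha256(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 per RFC 2104, using only sha256() above. Returns hex."""
    # A key longer than one block is replaced by its hash; every key is
    # then right-padded with zero bytes to exactly one block.
    if len(key) > BLOCK_SIZE:
        key = sha256(key)
    key = key.ljust(BLOCK_SIZE, b"\x00")
    # Two different pads are derived from the key by byte-wise XOR.
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    # Hash twice: the inner digest (raw bytes, not hex) feeds the outer hash.
    inner = sha256(inner_pad + message)
    return sha256(outer_pad + inner).hex()


def key_prefix_hash(key: bytes, message: bytes) -> str:
    """SHA-256 over key || message, shown only to compare with the HMAC output."""
    return sha256(key + message).hex()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-built HMAC against Python's hmac module."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(hmac_sha256(key, message), expected)


if __name__ == "__main__":
    print(hmac_sha256(RFC4231_KEY, RFC4231_MSG) == RFC4231_MAC)
    print(matches_stdlib(b"k" * 131, b"constructed sample message"))
    print(key_prefix_hash(RFC4231_KEY, RFC4231_MSG) != RFC4231_MAC)
```

A MySQL port has to pass the raw 32-byte inner digest (for example via `UNHEX()`) into the outer hash rather than its 64-character hex string; comparing the port's output against the RFC 4231 value catches that mistake.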