Message Authentication Code (MAC)
The MAC primitive lets you verify that no one has tampered with your data.
A sender sharing a symmetric key with a recipient can compute an
authentication tag for a given message, which allows the recipient to verify
that a message is from the expected sender and has not been modified.
MAC has the following properties:
- Authenticity: Knowing the key is the only way to create a verifiable MAC
tag.
- Symmetric: Computing and verifying the tag requires the same key.
MAC can be deterministic or randomized, depending on the algorithm. Tink does
not implement non-deterministic MAC algorithms at the moment. You should use MAC
only for message authentication, not for other purposes like generation of
pseudorandom bytes (for that, see PRF).
If you need an asymmetric primitive instead, see Digital
Signature.
Choose a key type
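We recommend using HMAC_SHA256 for most uses, but there are other options as
well.
In general, the following holds true:
- HMAC_SHA512 is the most conservative option.
- AES256_CMAC is fastest on systems that support AES-NI.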
Minimal security guarantees
- At least 80-bit authentication strength
- Secure against existential forgery under chosen plaintext attack
- At least 128-bit security against key recovery attacks, and also in
multi-user scenarios (when an attacker is not targeting a specific key, but
any key from a set of up to 2^32 keys)
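The properties and guarantees listed above, shown as an added example (not Tink code and not Tink's API): it uses Python's standard `hmac` module with HMAC-SHA256 to show determinism, rejection of a wrong key or altered data, and why a verifier should pin the tag length. The 16-byte tag, the 10-byte floor chosen to match the 80-bit figure, and all sample values are assumptions of this example.

```python
import hashlib
import hmac
import secrets

MIN_TAG_LEN = 10  # bytes; this example's floor, matching the 80-bit figure
TAG_LEN = 16      # bytes; tag length this example's verifier pins
FULL_LEN = hashlib.sha256().digest_size


def compute_tag(key: bytes, message: bytes, tag_len: int = TAG_LEN) -> bytes:
    """Return an HMAC-SHA256 tag truncated to tag_len bytes."""
    if not MIN_TAG_LEN <= tag_len <= FULL_LEN:
        raise ValueError("tag length outside the allowed range")
    return hmac.new(key, message, hashlib.sha256).digest()[:tag_len]


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Accept only a tag of the pinned length that matches the recomputed one."""
    if len(tag) != TAG_LEN:
        # Never let the sender pick the truncation: shorter tags are
        # easier to guess, so the expected length is fixed by the verifier.
        return False
    expected = compute_tag(key, message, TAG_LEN)
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    key = secrets.token_bytes(32)        # constructed sample key
    other_key = secrets.token_bytes(32)  # a key the sender does not hold
    msg = b"transfer 100 to account 42"  # constructed sample message
    tag = compute_tag(key, msg)
    flipped = bytes([tag[0] ^ 0x01]) + tag[1:]
    return {
        "valid": verify_tag(key, msg, tag),
        "deterministic": tag == compute_tag(key, msg),
        "tampered_message": verify_tag(key, b"transfer 900 to account 42", tag),
        "wrong_key": verify_tag(other_key, msg, tag),
        "flipped_tag_bit": verify_tag(key, msg, flipped),
        "truncated_tag": verify_tag(key, msg, tag[:MIN_TAG_LEN]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only `valid` and `deterministic` come out true; every altered input is rejected.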
Example use case
See I want to protect data from tampering.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-06-02 UTC.