What does tamper protection with a seal mean?
Protecting a file from tampering means that the file is protected against unauthorised alteration during transmission to/from BGC.
BGC already supports two different methods of tamper protection:
• MAA (open standard)
• Nexus Sigillet, formerly Säkdata (licensed)
Both methods are based on the use of a special mathematical calculation (encryption algorithm) in combination with a unique key. By performing a control calculation of the seal, it can be verified that no unauthorised party has changed the file.
Why will BGC replace MAA?
The Message Authenticator Algorithm (MAA) is revoked. The reason for replacing MAA is that it no longer meets the high security demands that BGC and the banks place on their tamper protection solution.
Do I need to replace my tamper protection?
If you currently use MAA for tamper protection/sealing, you need to change the seal method. If you do not know what method you use, you can check this with your software supplier. Affected customers will also be contacted by their bank.
What do I need to do to change tamper protection?
All of those who currently use MAA need to change their seal method.
If you have developed your own sealing program, you need to rewrite it to support HMAC instead.
If seal generation is instead handled by your software supplier, you should contact them so that they can replace their seal method.
Why choose HMAC?
HMAC based on SHA-256 and a 128-bit key is a secure and open solution built on open and license-free algorithms. There is also open source code that can be used to implement HMAC. This means that it is relatively fast and easy to implement at a reasonable cost, even across different platforms such as Windows, Unix, Linux, mainframes and minicomputers. File formats, key administration, etc. from MAA and Nexus Sigillet will not be affected, which also speaks for rapid deployment. Acceptance of HMAC has been obtained from the banks, the Swedish Bankers' Association and software companies.
Is the file format or content affected by this change?
No. Nothing other than the actual sealing of the file is affected. File format and communication routes are the same as before.
Can certain fields be sealed with HMAC, a so-called section seal?
No. Just like with MAA, only the entire file can be sealed, a so-called whole file seal.
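A generic whole-file seal with HMAC-SHA256 and a 128-bit key, as an added example that is not BGC's or any supplier's code. It seals the raw bytes of the file only; how BGC expects the seal to be formatted and delivered is not described on this page. The function names, the key and the file content are constructed for illustration.

```python
import hashlib
import hmac
import io

KEY_BYTES = 16  # 128-bit key, the key size the page names


def seal_stream(key, stream, chunk_size=64 * 1024):
    """Return the HMAC-SHA256 seal (hex) over every byte of the stream."""
    if len(key) != KEY_BYTES:
        raise ValueError(f"seal key must be {KEY_BYTES} bytes, got {len(key)}")
    mac = hmac.new(key, digestmod=hashlib.sha256)
    # Read in chunks so large files are sealed without loading them into memory.
    while chunk := stream.read(chunk_size):
        mac.update(chunk)
    return mac.hexdigest()


def verify_stream(key, stream, received_seal):
    """Control calculation: recompute the seal and compare in constant time."""
    expected = seal_stream(key, stream).encode("ascii")
    # Normalise case and surrounding whitespace; compare as bytes so that
    # unexpected characters in the received value fail cleanly.
    received = received_seal.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed test key and file content, never use a published key.
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    original = b"OPENING RECORD\nPAYMENT 0001 SEK 1500.00\nCLOSING RECORD\n"
    tampered = original.replace(b"1500.00", b"9500.00")

    seal = seal_stream(key, io.BytesIO(original))
    print("seal:", seal)
    print("original verifies:", verify_stream(key, io.BytesIO(original), seal))
    print("tampered verifies:", verify_stream(key, io.BytesIO(tampered), seal))
    print("wrong key verifies:", verify_stream(bytes(16), io.BytesIO(original), seal))
```

Because the seal covers the whole file, changing any single byte, or using a different key, makes the control calculation fail.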
How secure is HMAC?
Today, HMAC with SHA-256 and a 128-bit key has security equivalent to 128-bit symmetric encryption. Computers with sufficient calculation capacity to break HMAC are not expected to be available within the next 50 years unless there is a revolutionary breakthrough, such as quantum computers.
What are the advantages of HMAC?
Among the advantages is that it provides secure tamper protection that can be easily implemented on different platforms. The algorithm can be implemented quickly and effectively, and HMAC also has the benefit of being similar to MAA, which means easier migration from MAA to HMAC.