14. RTPS-HMAC-Only Mode

Attention

“RTPS-HMAC-Only” plugins are deprecated, and RTI Lightweight Security Plugins should be used instead (see The Lightweight Security Plugins for details). HMAC-Only mode remains functional in this release for integration with legacy systems only and should not be used in new deployments. For detailed information on “RTPS-HMAC-Only” plugins and their configuration, please refer to Security Plugins 6.1.2 documentation.

The Security Plugins library includes an alternative, now deprecated, set of “RTPS-HMAC-Only” plugins. These plugins allow RTPS messages to be protected with a user-provided HMAC Key while disabling all other security features (authentication, access control and encryption). This key is used to both protect the integrity of outgoing messages and authenticate incoming messages.

Table 14.1 Properties for Configuring HMAC-Only Mode

Property Name (prefix with com.rti.serv.secure.) [1] | Property Value Description

hmac_only.enabled
Optional. << DEPRECATED >>
Enables or disables the HMAC-only mode.
Note: When the HMAC-only mode is enabled, the properties configuring the non-HMAC-only plugins will be either ignored or cause a failure when creating the Security Plugins. Similarly, if the HMAC-only mode is disabled, all of the other properties listed in this table will be ignored.
Boolean.
Default: FALSE

hmac_only.cryptography.key
Required if hmac_only.enabled = TRUE. << DEPRECATED >>
Pre-shared key from which the Security Plugins derive the HMAC Key used to compute message authentication codes. The pre-shared key can be either a plain text string (prefixed by str:) or an arbitrary binary string (prefixed by hex:). Empty keys are not allowed. DomainParticipants must set this property to the same value in order to communicate with each other.
This pre-shared key is also used to derive the HMAC Key used to compute message authentication codes over UDP WAN binding pings.
String.
Default: not set

hmac_only.cryptography.max_blocks_per_session
Optional. << DEPRECATED >>
For protecting the integrity of RTPS messages, HMAC-only mode uses a Session Key that derives from the HMAC Key and a Session ID. This Session ID is serialized as part of the protected RTPS message. This property sets the number of message blocks to protect before changing the Session ID. Note that the current message block size is fixed at 32 bytes. Therefore, this property controls the number of 32-byte blocks protected with the same Session Key.
Unsigned integer: [1 - MAX_UINT64]
Default: MAX_UINT64

[1] Assuming you used com.rti.serv.secure as the alias to load the plugin. If not, change the prefix to match the string used with com.rti.serv.load_plugins, followed by the . character.
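A check of the Table 14.1 rules over a property map, for auditing legacy deployments that still enable HMAC-only mode. This is an added example, not RTI code. The function names, the case-insensitive TRUE/FALSE parsing, the UTF-8 encoding of str: keys and the even-length requirement for hex: keys are assumptions of the example.

```python
PREFIX = "com.rti.serv.secure."  # assumed alias; see the table footnote
BLOCK_SIZE = 32                  # bytes per message block, per Table 14.1
MAX_UINT64 = 2**64 - 1

def parse_psk(value):
    """Decode a 'str:' or 'hex:' pre-shared key; reject malformed or empty keys."""
    if value.startswith("str:"):
        key = value[4:].encode("utf-8")
    elif value.startswith("hex:"):
        key = bytes.fromhex(value[4:])  # ValueError on non-hex or odd length
    else:
        raise ValueError("key must be prefixed by str: or hex:")
    if not key:
        raise ValueError("empty keys are not allowed")
    return key

def bytes_per_session(max_blocks=MAX_UINT64):
    """Bytes protected under one Session Key before the Session ID changes."""
    return max_blocks * BLOCK_SIZE

def audit(props, prefix=PREFIX):
    """Return (errors, warnings) for the hmac_only.* entries of a property map."""
    errors, warnings = [], []
    base = prefix + "hmac_only."
    enabled = props.get(base + "enabled", "FALSE").strip().upper()  # assumed spelling
    if enabled not in ("TRUE", "FALSE"):
        return ["hmac_only.enabled is not a Boolean"], warnings
    others = sorted(k for k in props if k.startswith(base + "cryptography."))
    if enabled == "FALSE":
        if others:
            warnings.append("HMAC-only mode disabled, ignored: " + ", ".join(others))
        return errors, warnings
    warnings.append("HMAC-only mode is deprecated and disables all other security features")
    key = props.get(base + "cryptography.key")
    if key is None:
        errors.append("hmac_only.cryptography.key is required when enabled")
    else:
        try:
            parse_psk(key)
        except ValueError as exc:
            errors.append("hmac_only.cryptography.key: %s" % exc)
    blocks = props.get(base + "cryptography.max_blocks_per_session")
    if blocks is not None:
        ok = blocks.isascii() and blocks.isdigit() and 1 <= int(blocks) <= MAX_UINT64
        if not ok:
            errors.append("max_blocks_per_session must be in [1, MAX_UINT64]")
    return errors, warnings

SAMPLE = {PREFIX + "hmac_only.enabled": "TRUE", PREFIX + "hmac_only.cryptography.key": "str:"}  # constructed
```

With the default of MAX_UINT64 blocks, `bytes_per_session()` shows that the Session ID effectively never changes during a deployment's lifetime.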