15. HMAC-Only mode
Attention
Builtin Security Plugins’s HMAC-Only mode is deprecated, and Lightweight Builtin Security Plugins should be used instead (see The Lightweight Builtin Security Plugins for details). HMAC-Only mode remains functional in this release for integration with legacy systems only and should not be used in new deployments. For detailed information on Builtin Security Plugins’s HMAC-Only mode and its configuration, please refer to Security Plugins 6.1.2 documentation.
The Builtin Security Plugins library includes an alternative, now deprecated, set of plugins that allow running on HMAC-Only mode. These plugins allow RTPS messages to be protected with a user-provided HMAC Key while disabling all other security features (authentication, access control and encryption). This key is used to both protect the integrity of outgoing messages and authenticate incoming messages.
Property Name (prefix with |
Property Value Description |
---|---|
|
Optional << DEPRECATED >> Enables or disables the Builtin Security Plugins’s HMAC-Only mode. Note When the HMAC-Only mode is enabled, the properties configuring the non-HMAC-Only mode-related options will be either ignored or cause a failure when creating the Builtin Security Plugins. Similarly, if the HMAC-Only mode is disabled, all of the other properties listed in this table will be ignored. Boolean. Default: |
|
Required if hmac_only.enabled = TRUE << DEPRECATED >> Pre-shared key from which the Builtin Security Plugins derive the HMAC Key used to
compute message authentication codes. The pre-shared key can be either a
plain text string (prefixed by This pre-shared key is also used to derive the HMAC Key used to compute message authentication codes over UDP WAN binding pings. String. Default: not set |
|
Optional << DEPRECATED >> For protecting the integrity of RTPS messages, HMAC-Only mode uses a Session Key that derives from the HMAC Key and a Session ID. This Session ID is serialized as part of the protected RTPS message. This property sets the number of message blocks to protect before changing the Session ID. Note that the current message block size is fixed at 32 bytes. Therefore, this property controls the number of 32-byte blocks protected with the same Session Key. Unsigned integer: Default: |