Process partially incorrect for block HMAC-SHA256 check

[xolider]

Hello !
First of all, thank your documentation ! It helped me a lot while building this library -> Kteepass

I found a mistake in one of your images explaining the HMAC-SHA256 check process for KDBX block stream:

At the top right of this diagram, you have to concat the block payload (n bytes), n (4 bytes), and i (8 bytes). computing the HMAC only on the block is not enough and lead to an inexact HMAC-SHA256.
Example of working process: here

[scubajorgen]

Thanx for the feedback. I'll have a look at it in a few weeks. Since I succeeded in decoding a keepass database it must be all right in the code... ⁣Get BlueMail for Android ​

…

On 29 May 2024, 16:15, at 16:15, xolider ***@***.***> wrote: Hello ! First of all, thank your documentation ! It helped me a lot while building this library -> [Kteepass](https://github.com/xolider/Kteepass) I found a mistake in one of your images explaining the HMAC-SHA256 check process for KDBX block stream:  At the top right of this diagram, you have to concat the block payload (n bytes), n (4 bytes), and i (8 bytes). computing the HMAC only on the block is not enough and lead to an inexact HMAC-SHA256. Example of working process: [here](https://github.com/xolider/Kteepass/blob/d8da5ea6931d26881201f47841a69a47bffb04e7/src/commonJvmMain/kotlin/dev/vicart/kteepass/model/KdbxDatabase.kt#L34) -- Reply to this email directly or view it on GitHub: #1 You are receiving this because you are subscribed to this thread. Message ID: ***@***.***>