I think I understand the theoretical benefit of adding the HMAC quite well (authenticity/integrity on top of confidentiality), but I am looking at this from a key management point of view.
Premise: Since anyone could in theory encrypt plaintext, I add a MAC tag so the ciphertext origin can be verified. From this follows the premise:
- A malicious party could gain access to the secret shared encryption key and forge a ciphertext
Then I argue, if an attacker can access the encryption key, why should he/she not be able to access the MAC key as well (and thus again be able to forge a ciphertext)? Next, if we increase the key storage requirements for the MAC key (making its compromise less likely), why not simply store the encryption key more securely in the first place?
In my eyes, this method is adding two very similar security concepts together (shared symmetric secret key), which doesn’t magically increase the security, i.e., 1+1 does not always equal 2 in security.
If someone could briefly explain the error in my chain of thought or shed some light on this matter I would highly appreciate it.
Thanks in advance!
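Added worked example (editor's code, not part of the original post): the forgery the MAC actually defends against is carried out by an attacker who holds no key at all, and both keys can be derived from a single stored secret, so key storage does not double. The stream cipher is a toy HMAC-SHA256 counter mode standing in for AES-CTR (any XOR-keystream cipher is malleable in the same way); the labels `b"enc"`/`b"mac"`, the message format and the "PAY ... TO ALICE" order are constructed for the demonstration.

```python
"""Ciphertext malleability without any key, and encrypt-then-MAC stopping it.
The cipher is a toy stand-in for AES-CTR built from HMAC-SHA256 as a PRF."""
from __future__ import annotations

import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-mode keystream: block i = HMAC-SHA256(enc_key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(enc_key, nonce, len(data))))


def derive_keys(master_key: bytes) -> tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from ONE stored secret
    (HKDF-style expand with distinct labels; labels are an assumption here).
    Losing the master key loses both, but only one key has to be protected."""
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def encrypt_only(master_key: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: nonce || ciphertext, no integrity check."""
    enc_key, _ = derive_keys(master_key)
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor_stream(enc_key, nonce, plaintext)


def decrypt_only(master_key: bytes, message: bytes) -> bytes:
    enc_key, _ = derive_keys(master_key)
    return xor_stream(enc_key, message[:NONCE_LEN], message[NONCE_LEN:])


def encrypt_then_mac(master_key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC-SHA256(mac_key, nonce || ciphertext)."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = os.urandom(NONCE_LEN)
    ct = xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def verify_then_decrypt(master_key: bytes, message: bytes) -> bytes:
    """Check the tag in constant time BEFORE touching the ciphertext."""
    enc_key, mac_key = derive_keys(master_key)
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: message rejected")
    return xor_stream(enc_key, body[:NONCE_LEN], body[NONCE_LEN:])


def attacker_rewrite(message: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker with NO key: knowing (or guessing) the plaintext layout is enough
    to turn `old` into `new` by XORing the difference into the ciphertext bytes."""
    buf = bytearray(message)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[NONCE_LEN + offset + i] ^= o ^ n
    return bytes(buf)


# Constructed demo data (not a real secret, not a real message).
MASTER_KEY = hashlib.sha256(b"demo master key").digest()
ORDER = b"PAY 0100 EUR TO ALICE"
AMOUNT_OFFSET = ORDER.index(b"0100")


def demo() -> tuple[bytes, bool]:
    """Returns (what the receiver decrypts without a MAC, whether the MAC caught it)."""
    forged = attacker_rewrite(encrypt_only(MASTER_KEY, ORDER), AMOUNT_OFFSET, b"0100", b"9999")
    forged_plain = decrypt_only(MASTER_KEY, forged)  # receiver happily pays 9999
    try:
        verify_then_decrypt(MASTER_KEY,
                            attacker_rewrite(encrypt_then_mac(MASTER_KEY, ORDER),
                                             AMOUNT_OFFSET, b"0100", b"9999"))
        caught = False
    except ValueError:
        caught = True
    return forged_plain, caught


if __name__ == "__main__":
    plain, caught = demo()
    print("without MAC, receiver decrypts:", plain)
    print("with encrypt-then-MAC, forgery rejected:", caught)
```

The point the code makes is that `attacker_rewrite` never touches `MASTER_KEY`, `enc_key` or `mac_key`: confidentiality alone does not stop an adversary from producing a valid-looking ciphertext that decrypts to a chosen change. The MAC is what turns "any bytes decrypt to something" into "only the key holder can produce bytes the receiver accepts", and `derive_keys` shows that this costs one stored secret, not two.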