blob: bd1a4934d0d2444e295973ee6bc0f237d49cc40e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
.. hazmat::
Hash-based Message Authentication Codes
=======================================
.. currentmodule:: cryptography.hazmat.primitives.hmac
.. testsetup::
import binascii
key = binascii.unhexlify(b"0" * 32)
Hash-based message authentication codes (or HMACs) are a tool for calculating
message authentication codes using a cryptographic hash function coupled with a
secret key. You can use an HMAC to verify integrity as well as authenticate a
message.
.. class:: HMAC(key, algorithm)
HMAC objects take a ``key`` and a provider of
:class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`.
The ``key`` should be randomly generated bytes and is recommended to be
equal in length to the ``digest_size`` of the hash function chosen.
You must keep the ``key`` secret.
This is an implementation of :rfc:`2104`.
.. doctest::
>>> from cryptography.hazmat.primitives import hashes, hmac
>>> h = hmac.HMAC(key, hashes.SHA256())
>>> h.update(b"message to hash")
>>> h.finalize()
'#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'
.. method:: update(msg)
:param bytes msg: The bytes to hash and authenticate.
.. method:: copy()
:return: a new instance of this object with a copied internal state.
.. method:: finalize()
Finalize the current context and return the message digest as bytes.
Once ``finalize`` is called this object can no longer be used.
:return bytes: The message digest as bytes.
|