blob: e66de36fbf1b843e8154a3174ad9390378992668 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
.. danger::
This is a "Hazardous Materials" module. You should **ONLY** use it if
you're 100% absolutely sure that you know what you're doing because this
module is full of land mines, dragons, and dinosaurs with laser guns.
Hash-based Message Authentication Codes
=======================================
.. currentmodule:: cryptography.hazmat.primitives.hmac
.. testsetup::
import binascii
key = binascii.unhexlify(b"0" * 32)
Hash-based message authentication codes (or HMACs) are a tool for calculating
message authentication codes using a cryptographic hash function coupled with a
secret key. You can use an HMAC to verify integrity as well as authenticate a
message.
.. class:: HMAC(key, msg=None, digestmod=None)
HMAC objects take a ``key``, a hash class derived from
:class:`~cryptography.primitives.hashes.BaseHash`, and optional message.
The ``key`` should be randomly generated bytes and is recommended to be
equal in length to the ``digest_size`` of the hash function chosen.
You must keep the ``key`` secret.
.. doctest::
>>> from cryptography.hazmat.primitives import hashes, hmac
>>> h = hmac.HMAC(key, digestmod=hashes.SHA256)
>>> h.update(b"message to hash")
>>> h.hexdigest()
'...'
.. method:: update(msg)
:param bytes msg: The bytes to hash and authenticate.
.. method:: copy()
:return: a new instance of this object with a copied internal state.
.. method:: digest()
:return bytes: The message digest as bytes.
.. method:: hexdigest()
:return str: The message digest as hex.
|
