| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 1 | :mod:`hmac` --- Keyed-Hashing for Message Authentication |
| 2 | ======================================================== |
| 3 | |
| 4 | .. module:: hmac |
| Georg Brandl | 80b75fd | 2010-10-17 09:43:35 +0000 | [diff] [blame^] | 5 | :synopsis: Keyed-Hashing for Message Authentication (HMAC) implementation |
| 6 | for Python. |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 7 | .. moduleauthor:: Gerhard Häring <ghaering@users.sourceforge.net> |
| 8 | .. sectionauthor:: Gerhard Häring <ghaering@users.sourceforge.net> |
| 9 | |
| 10 | |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 11 | This module implements the HMAC algorithm as described by :rfc:`2104`. |
| 12 | |
| 13 | |
| Georg Brandl | 036490d | 2009-05-17 13:00:36 +0000 | [diff] [blame] | 14 | .. function:: new(key, msg=None, digestmod=None) |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 15 | |
| Georg Brandl | 80b75fd | 2010-10-17 09:43:35 +0000 | [diff] [blame^] | 16 | Return a new hmac object. *key* is a bytes object giving the secret key. If |
| 17 | *msg* is present, the method call ``update(msg)`` is made. *digestmod* is |
| 18 | the digest constructor or module for the HMAC object to use. It defaults to |
| 19 | the :func:`hashlib.md5` constructor. |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 20 | |
| 21 | .. note:: |
| 22 | |
| 23 | The md5 hash has known weaknesses but remains the default for backwards |
| Georg Brandl | 80b75fd | 2010-10-17 09:43:35 +0000 | [diff] [blame^] | 24 | compatibility. Choose a better one for your application. |
| 25 | |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 26 | |
| 27 | An HMAC object has the following methods: |
| 28 | |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 29 | .. method:: hmac.update(msg) |
| 30 | |
| Georg Brandl | 80b75fd | 2010-10-17 09:43:35 +0000 | [diff] [blame^] | 31 | Update the hmac object with the bytes object *msg*. Repeated calls are |
| 32 | equivalent to a single call with the concatenation of all the arguments: |
| 33 | ``m.update(a); m.update(b)`` is equivalent to ``m.update(a + b)``. |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 34 | |
| 35 | |
| 36 | .. method:: hmac.digest() |
| 37 | |
| Georg Brandl | 80b75fd | 2010-10-17 09:43:35 +0000 | [diff] [blame^] | 38 | Return the digest of the bytes passed to the :meth:`update` method so far. |
| 39 | This bytes object will be the same length as the *digest_size* of the digest |
| 40 | given to the constructor. It may contain non-ASCII bytes, including NUL |
| 41 | bytes. |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 42 | |
| 43 | |
| 44 | .. method:: hmac.hexdigest() |
| 45 | |
| Georg Brandl | 80b75fd | 2010-10-17 09:43:35 +0000 | [diff] [blame^] | 46 | Like :meth:`digest` except the digest is returned as a string twice the |
| 47 | length containing only hexadecimal digits. This may be used to exchange the |
| 48 | value safely in email or other non-binary environments. |
| Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 49 | |
| 50 | |
| 51 | .. method:: hmac.copy() |
| 52 | |
| 53 | Return a copy ("clone") of the hmac object. This can be used to efficiently |
| 54 | compute the digests of strings that share a common initial substring. |
| 55 | |
| 56 | |
| 57 | .. seealso:: |
| 58 | |
| 59 | Module :mod:`hashlib` |
| Ezio Melotti | 0639d5a | 2009-12-19 23:26:38 +0000 | [diff] [blame] | 60 | The Python module providing secure hash functions. |