| .. hazmat:: |
| |
| Hash-based Message Authentication Codes |
| ======================================= |
| |
| .. currentmodule:: cryptography.hazmat.primitives.hmac |
| |
| .. testsetup:: |
| |
| import binascii |
| key = binascii.unhexlify(b"0" * 32) |
| |
| Hash-based message authentication codes (or HMACs) are a tool for calculating |
| message authentication codes using a cryptographic hash function coupled with a |
| secret key. You can use an HMAC to verify integrity as well as authenticate a |
| message. |
| |
| .. class:: HMAC(key, algorithm) |
| |
| HMAC objects take a ``key`` and a provider of |
| :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`. |
| The ``key`` should be randomly generated bytes and is recommended to be |
| equal in length to the ``digest_size`` of the hash function chosen. |
| You must keep the ``key`` secret. |
| |
| .. doctest:: |
| |
| >>> from cryptography.hazmat.primitives import hashes, hmac |
| >>> h = hmac.HMAC(key, hashes.SHA256()) |
| >>> h.update(b"message to hash") |
| >>> h.finalize() |
| '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' |
| |
| .. method:: update(msg) |
| |
| :param bytes msg: The bytes to hash and authenticate. |
| |
| .. method:: copy() |
| |
| :return: a new instance of this object with a copied internal state. |
| |
| .. method:: finalize() |
| |
| Finalize the current context and return the message digest as bytes. |
| |
| Once ``finalize`` is called this object can no longer be used. |
| |
| :return bytes: The message digest as bytes. |