| .. danger:: |
| |
| This is a "Hazardous Materials" module. You should **ONLY** use it if |
| you're 100% absolutely sure that you know what you're doing because this |
| module is full of land mines, dragons, and dinosaurs with laser guns. |
| |
| |
| Hash-based Message Authentication Codes |
| ======================================= |
| |
| .. currentmodule:: cryptography.hazmat.primitives.hmac |
| |
| .. testsetup:: |
| |
| import binascii |
| key = binascii.unhexlify(b"0" * 32) |
| |
| Hash-based message authentication codes (or HMACs) are a tool for calculating |
| message authentication codes using a cryptographic hash function coupled with a |
| secret key. You can use an HMAC to verify integrity as well as authenticate a |
| message. |
| |
| .. class:: HMAC(key, msg=None, digestmod=None) |
| |
| HMAC objects take a ``key``, a hash class derived from |
| :class:`~cryptography.primitives.hashes.BaseHash`, and optional message. |
| The ``key`` should be randomly generated bytes and is recommended to be |
| equal in length to the ``digest_size`` of the hash function chosen. |
| You must keep the ``key`` secret. |
| |
| .. doctest:: |
| |
| >>> from cryptography.hazmat.primitives import hashes, hmac |
| >>> h = hmac.HMAC(key, digestmod=hashes.SHA256) |
| >>> h.update(b"message to hash") |
| >>> h.hexdigest() |
| '...' |
| |
| .. method:: update(msg) |
| |
| :param bytes msg: The bytes to hash and authenticate. |
| |
| .. method:: copy() |
| |
| :return: a new instance of this object with a copied internal state. |
| |
| .. method:: digest() |
| |
| :return bytes: The message digest as bytes. |
| |
| .. method:: hexdigest() |
| |
| :return str: The message digest as hex. |
| |