hashlib — 安全哈希和消息摘要
hashlib
hmac
源代码: Lib/hmac.py
This module implements the HMAC algorithm as described by RFC 2104 .
Return a new hmac object. key is a bytes or bytearray object giving the secret key. If msg is present, the method call update(msg) is made. digestmod is the digest name, digest constructor or module for the HMAC object to use. It may be any name suitable to hashlib.new() . Despite its argument position, it is required.
update(msg)
hashlib.new()
3.4 版改变: 参数 key can be a bytes or bytearray object. Parameter msg can be of any type supported by hashlib . Parameter digestmod can be the name of a hash algorithm.
3.8 版改变: The digestmod argument is now required. Pass it as a keyword argument to avoid awkwardness when you do not have an initial msg .
Return digest of msg for given secret key and digest . The function is equivalent to HMAC(key, msg, digest).digest() , but uses an optimized C or inline implementation, which is faster for messages that fit into memory. The parameters key , msg ,和 digest 拥有相同含义如在 new() .
HMAC(key, msg, digest).digest()
new()
CPython implementation detail, the optimized C implementation is only used when digest is a string and name of a digest algorithm, which is supported by OpenSSL.
Added in version 3.7.
An HMAC object has the following methods:
Update the hmac object with msg . Repeated calls are equivalent to a single call with the concatenation of all the arguments: m.update(a); m.update(b) 相当于 m.update(a + b) .
m.update(a); m.update(b)
m.update(a + b)
3.4 版改变: 参数 msg can be of any type supported by hashlib .
Return the digest of the bytes passed to the update() method so far. This bytes object will be the same length as the digest_size of the digest given to the constructor. It may contain non-ASCII bytes, including NUL bytes.
update()
警告
When comparing the output of digest() to an externally supplied digest during a verification routine, it is recommended to use the compare_digest() function instead of the == operator to reduce the vulnerability to timing attacks.
digest()
compare_digest()
==
像 digest() except the digest is returned as a string twice the length containing only hexadecimal digits. This may be used to exchange the value safely in email or other non-binary environments.
When comparing the output of hexdigest() to an externally supplied digest during a verification routine, it is recommended to use the compare_digest() function instead of the == operator to reduce the vulnerability to timing attacks.
hexdigest()
Return a copy (“clone”) of the hmac object. This can be used to efficiently compute the digests of strings that share a common initial substring.
哈希对象拥有下列属性:
The size of the resulting HMAC digest in bytes.
The internal block size of the hash algorithm in bytes.
Added in version 3.4.
The canonical name of this HMAC, always lowercase, e.g. hmac-md5 .
hmac-md5
3.10 版改变: Removed the undocumented attributes HMAC.digest_cons , HMAC.inner ,和 HMAC.outer .
HMAC.digest_cons
HMAC.inner
HMAC.outer
This module also provides the following helper function:
返回 a == b . This function uses an approach designed to prevent timing analysis by avoiding content-based short circuiting behaviour, making it appropriate for cryptography. a and b must both be of the same type: either str (ASCII only, as e.g. returned by HMAC.hexdigest() ), or a 像字节对象 .
a == b
str
HMAC.hexdigest()
注意
若 a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b —but not their values.
Added in version 3.3.
3.10 版改变: The function uses OpenSSL’s CRYPTO_memcmp() internally when available.
CRYPTO_memcmp()
另请参阅
提供安全哈希函数的 Python 模块。
secrets — 生成用于管理保密的安全随机数
secrets
键入搜索术语或模块、类、函数名称。