hmac
— 用于消息身份验证的键哈希
¶
源代码: Lib/hmac.py
This module implements the HMAC algorithm as described by RFC 2104 .
hmac.
new
(
key
,
msg=None
,
digestmod=''
)
¶
Return a new hmac object.
key
is a bytes or bytearray object giving the secret key. If
msg
is present, the method call
update(msg)
is made.
digestmod
is the digest name, digest constructor or module for the HMAC object to use. It may be any name suitable to
hashlib.new()
. Despite its argument position, it is required.
3.4 版改变:
参数
key
can be a bytes or bytearray object. Parameter
msg
can be of any type supported by
hashlib
. Parameter
digestmod
can be the name of a hash algorithm.
从 3.4 版起弃用,将在 3.8 版中移除: MD5 as implicit default digest for digestmod is deprecated. The digestmod parameter is now required. Pass it as a keyword argument to avoid awkwardness when you do not have an initial msg.
hmac.
digest
(
key
,
msg
,
digest
)
¶
Return digest of
msg
for given secret
key
and
digest
. The function is equivalent to
HMAC(key, msg, digest).digest()
, but uses an optimized C or inline implementation, which is faster for messages that fit into memory. The parameters
key
,
msg
,和
digest
have the same meaning as in
new()
.
CPython implementation detail, the optimized C implementation is only used when digest is a string and name of a digest algorithm, which is supported by OpenSSL.
3.7 版新增。
An HMAC object has the following methods:
HMAC.
update
(
msg
)
¶
Update the hmac object with
msg
. Repeated calls are equivalent to a single call with the concatenation of all the arguments:
m.update(a); m.update(b)
相当于
m.update(a + b)
.
3.4 版改变:
参数
msg
can be of any type supported by
hashlib
.
HMAC.
digest
(
)
¶
Return the digest of the bytes passed to the
update()
method so far. This bytes object will be the same length as the
digest_size
of the digest given to the constructor. It may contain non-ASCII bytes, including NUL bytes.
警告
When comparing the output of
digest()
to an externally-supplied digest during a verification routine, it is recommended to use the
compare_digest()
function instead of the
==
operator to reduce the vulnerability to timing attacks.
HMAC.
hexdigest
(
)
¶
像
digest()
except the digest is returned as a string twice the length containing only hexadecimal digits. This may be used to exchange the value safely in email or other non-binary environments.
警告
When comparing the output of
hexdigest()
to an externally-supplied digest during a verification routine, it is recommended to use the
compare_digest()
function instead of the
==
operator to reduce the vulnerability to timing attacks.
HMAC.
copy
(
)
¶
Return a copy (“clone”) of the hmac object. This can be used to efficiently compute the digests of strings that share a common initial substring.
A hash object has the following attributes:
HMAC.
digest_size
¶
The size of the resulting HMAC digest in bytes.
HMAC.
block_size
¶
The internal block size of the hash algorithm in bytes.
3.4 版新增。
HMAC.
name
¶
The canonical name of this HMAC, always lowercase, e.g.
hmac-md5
.
3.4 版新增。
从 3.9 版起弃用:
The undocumented attributes
HMAC.digest_cons
,
HMAC.inner
,和
HMAC.outer
are internal implementation details and will be removed in Python 3.10.
This module also provides the following helper function:
hmac.
compare_digest
(
a
,
b
)
¶
返回
a == b
. This function uses an approach designed to prevent timing analysis by avoiding content-based short circuiting behaviour, making it appropriate for cryptography.
a
and
b
must both be of the same type: either
str
(ASCII only, as e.g. returned by
HMAC.hexdigest()
), or a
像字节对象
.
注意
若 a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b —but not their values.
3.3 版新增。
3.9 版改变:
The function uses OpenSSL’s
CRYPTO_memcmp()
internally when available.
另请参阅
hashlib
提供安全哈希函数的 Python 模块。