Message authentication using cryptographic hash functions in python can be achieved through the HMAC mechanism. We can use HMAC with multiple iterable hash functions such as MD5, SHA-1 in combination with a secret shared key.
The basic idea is to secure our data, by generating a cryptographic hash of the actual data combined with a shared secret key. The final result is sent without the secret key but the resulting hash can be used to check the transmitted or stored message.
Syntax
hmac.new(key, msg = None, digestmod = None)
Returns a generate new hmac object.
Where −
Key – The shared secret key here.
Msg – the message to hash here the message to hash here
Digestmod – digest name or module for the HMAC object to use
Methods and Attributes of the HMAC module −
hmac.update(message)
Used to update the hmac object using the given message. Messages will get appended if you call this method more than once.
hmac.digest()
Return the digest of the bytes passed to the update() method so far.
hashlib.hexdigest()
Like digest() except the digest is returned as a string twice the length containing only hexadecimal digits. This may be used to exchange the value safely in email or other non-binary environments.
haslib.copy()
Return a copy (“clone”) of the hmac object.
Example1
Creating a hash, using the default MD5 hash algorithm.
#Import libraries
import hashlib
import hmac
#data
update_bytes = b'Lorem ipsum dolor sit amet, consectetur adipiscing elit. \
Suspendisse tristique condimentum viverra. Nulla accumsan \
orci risus, non congue lacus feugiat id.'
#secret key
password = b'402xy5#'
#Generate cryptographic hash using md5
my_hmac = hmac.new(update_bytes, password, hashlib.md5)
print("The first digest: " + str(my_hmac.digest()))
print("The Canonical Name: " + my_hmac.name)
print("Block size: " + str (my_hmac.block_size) + "bytes")
print("Digest size: " + str(my_hmac.digest_size) + "bytes")
#Create a copy of the hmac object
my_hmac_cpy = my_hmac.copy()
print("The Copied digest: " + str(my_hmac_cpy.digest()))Output
The first digest: b'H\xcc.nf\xdd\x8bC\x8di\x0cC\xb8\xe9l\xa8' The Canonical Name: hmac-md5 Block size: 64bytes Digest size: 16bytes The Copied digest: b'H\xcc.nf\xdd\x8bC\x8di\x0cC\xb8\xe9l\xa8'
As SHA1 is considered more secure than MD5 algorithm and if you are thinking of running the above program using SHA1 algorithm. Just modify the algorithm name in this line,
my_hmac = hmac.new(update_bytes, password,hashlib.sha1)
and our result will be something like:
The first digest: b'\xc3T\xe7[\xc8\xa3O/$\xbd`A\xad\x07d\xe8\xae\xa2!\xb4'
The Canonical Name: hmac-sha1 Block size: 64bytes Digest size: 20bytes The Copied digest: b'\xc3T\xe7[\xc8\xa3O/$\xbd`A\xad\x07d\xe8\xae\xa2!\xb4'
Applications
HMAC authentication mechanism can be used in any place where security is important like public network services. For example, in public network we are sending an important file/data through a pipe or socket, that file/data should be signed and then the signature should be tested before the data is used.