hmac
— 用于消息身份验证的键哈希
¶
2.2 版新增。
源代码: Lib/hmac.py
This module implements the HMAC algorithm as described by RFC 2104 .
hmac.
new
(
key
[
,
msg
[
,
digestmod
]
]
)
¶
Return a new hmac object. If
msg
is present, the method call
update(msg)
is made.
digestmod
is the digest constructor or module for the HMAC object to use. It defaults to the
hashlib.md5
构造函数。
An HMAC object has the following methods:
HMAC.
update
(
msg
)
¶
Update the hmac object with the string
msg
. Repeated calls are equivalent to a single call with the concatenation of all the arguments:
m.update(a);
m.update(b)
相当于
m.update(a + b)
.
HMAC.
digest
(
)
¶
Return the digest of the strings passed to the
update()
method so far. This string will be the same length as the
digest_size
of the digest given to the constructor. It may contain non-ASCII characters, including NUL bytes.
警告
When comparing the output of
digest()
to an externally-supplied digest during a verification routine, it is recommended to use the
compare_digest()
function instead of the
==
operator to reduce the vulnerability to timing attacks.
HMAC.
hexdigest
(
)
¶
像
digest()
except the digest is returned as a string twice the length containing only hexadecimal digits. This may be used to exchange the value safely in email or other non-binary environments.
警告
When comparing the output of
hexdigest()
to an externally-supplied digest during a verification routine, it is recommended to use the
compare_digest()
function instead of the
==
operator to reduce the vulnerability to timing attacks.
HMAC.
copy
(
)
¶
Return a copy (“clone”) of the hmac object. This can be used to efficiently compute the digests of strings that share a common initial substring.
This module also provides the following helper function:
hmac.
compare_digest
(
a
,
b
)
¶
返回
a == b
. This function uses an approach designed to prevent timing analysis by avoiding content-based short circuiting behaviour, making it appropriate for cryptography.
a
and
b
must both be of the same type: either
unicode
或
像字节对象
.
注意
若 a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b —but not their values.
New in version 2.7.7.
另请参阅
hashlib
提供安全哈希函数的 Python 模块。