hmacKeyed-Hashing for Message Authentication用于消息身份验证的密钥哈希

Source code: Lib/hmac.py

This module implements the HMAC algorithm as described by RFC 2104.该模块实现RFC 2104所述的HMAC算法。

hmac.new(key, msg=None, digestmod='')

Return a new hmac object. 返回一个新的hmac对象。key is a bytes or bytearray object giving the secret key. key是提供密钥的字节或字节数组对象。If msg is present, the method call update(msg) is made. 如果存在msg,则进行方法调用update(msg)digestmod is the digest name, digest constructor or module for the HMAC object to use. digestmod是HMAC对象要使用的摘要名称、摘要构造函数或模块。It may be any name suitable to hashlib.new(). 它可以是任何适合hashlib.new()的名称。Despite its argument position, it is required.尽管它的论点立场,它是必需的。

Changed in version 3.4:版本3.4中更改: Parameter key can be a bytes or bytearray object. 参数key可以是字节或字节数组对象。Parameter msg can be of any type supported by hashlib. 参数msg可以是hashlib支持的任何类型。Parameter digestmod can be the name of a hash algorithm.参数digestmod可以是哈希算法的名称。

Deprecated since version 3.4, removed in version 3.8: 自版本3.4以来已弃用,在版本3.8中删除:MD5 as implicit default digest for digestmod is deprecated. 不推荐使用MD5作为digestmod的隐式默认摘要。The digestmod parameter is now required. 现在需要digestmod参数。Pass it as a keyword argument to avoid awkwardness when you do not have an initial msg.将其作为关键字参数传递,以避免在没有初始消息时出现尴尬。

hmac.digest(key, msg, digest)

Return digest of msg for given secret key and digest. 返回给定keydigestmsg摘要。The function is equivalent to HMAC(key, msg, digest).digest(), but uses an optimized C or inline implementation, which is faster for messages that fit into memory. 该函数等价于HMAC(key, msg, digest).digest(),但使用了优化的C或内联实现,这对于适合内存的消息更快。The parameters key, msg, and digest have the same meaning as in new().参数keymsgdigest的含义与new()中的相同。

CPython implementation detail, the optimized C implementation is only used when digest is a string and name of a digest algorithm, which is supported by OpenSSL.在CPython实现细节中,优化的C实现仅在摘要为字符串和digest算法名称时使用,这是OpenSSL支持的。

New in version 3.7.版本3.7中新增。

An HMAC object has the following methods:HMAC对象具有以下方法:

HMAC.update(msg)

Update the hmac object with msg. msg更新hmac对象。Repeated calls are equivalent to a single call with the concatenation of all the arguments: m.update(a); m.update(b) is equivalent to m.update(a + b).重复调用等同于所有参数串联的单个调用:m.update(a); m.update(b)等同于m.update(a + b)

Changed in version 3.4:版本3.4中更改: Parameter msg can be of any type supported by hashlib.参数msg可以是hashlib支持的任何类型。

HMAC.digest()

Return the digest of the bytes passed to the update() method so far. 返回到目前为止传递给update()方法的字节摘要。This bytes object will be the same length as the digest_size of the digest given to the constructor. 这个bytes对象的长度将与提供给构造函数的摘要的digest_size相同。It may contain non-ASCII bytes, including NUL bytes.它可能包含非ASCII字节,包括NUL字节。

Warning

When comparing the output of digest() to an externally-supplied digest during a verification routine, it is recommended to use the compare_digest() function instead of the == operator to reduce the vulnerability to timing attacks.当在验证例程期间将digest()的输出与外部提供的摘要进行比较时,建议使用compare_digest()函数代替==运算符来减少定时攻击的脆弱性。。

HMAC.hexdigest()

Like digest() except the digest is returned as a string twice the length containing only hexadecimal digits. digest()类似,不同之处在于,摘要是作为长度两倍的字符串返回的,仅包含十六进制数字。This may be used to exchange the value safely in email or other non-binary environments.这可以用于在电子邮件或其他非二进制环境中安全地交换值。

Warning

When comparing the output of hexdigest() to an externally-supplied digest during a verification routine, it is recommended to use the compare_digest() function instead of the == operator to reduce the vulnerability to timing attacks.当在验证例程期间将hexdigest()的输出与外部提供的摘要进行比较时,建议使用compare_digest()函数代替==运算符以减少定时攻击的脆弱性。。

HMAC.copy()

Return a copy (“clone”) of the hmac object. 返回hmac对象的副本(“克隆”)。This can be used to efficiently compute the digests of strings that share a common initial substring.这可以用来有效地计算共享公共初始子字符串的字符串摘要。

A hash object has the following attributes:哈希对象具有以下属性:

HMAC.digest_size

The size of the resulting HMAC digest in bytes.生成的HMAC摘要的大小(字节)。

HMAC.block_size

The internal block size of the hash algorithm in bytes.哈希算法的内部块大小(字节)。

New in version 3.4.版本3.4中新增。

HMAC.name

The canonical name of this HMAC, always lowercase, e.g. hmac-md5.此HMAC的规范名称,总是小写,例如hmac-md5

New in version 3.4.版本3.4中新增。

Deprecated since version 3.9: 自版本3.9以来已弃用:The undocumented attributes HMAC.digest_cons, HMAC.inner, and HMAC.outer are internal implementation details and will be removed in Python 3.10.未记录的属性HMAC.digest_consHMAC.inner和HMACouter是内部实现细节,将在Python 3.10中删除。

This module also provides the following helper function:此模块还提供以下辅助功能:

hmac.compare_digest(a, b)

Return a == b. 返回a==bThis function uses an approach designed to prevent timing analysis by avoiding content-based short circuiting behaviour, making it appropriate for cryptography. 该函数使用了一种方法,通过避免基于内容的短路行为来防止定时分析,使其适合于加密。a and b must both be of the same type: either str (ASCII only, as e.g. returned by HMAC.hexdigest()), or a bytes-like object.ab必须是同一类型:str(仅限ASCII,例如由HMAC.hexdigest()返回)或类似字节的对象

Note

If a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b—but not their values.如果ab的长度不同,或者发生错误,则定时攻击理论上可以揭示ab类型和长度的信息,但不能揭示其值。

New in version 3.3.版本3.3中新增。

Changed in version 3.10:版本3.10中更改: The function uses OpenSSL’s CRYPTO_memcmp() internally when available.该函数在可用时在内部使用OpenSSL的CRYPTO_memcmp()

See also参阅

Module hashlib

The Python module providing secure hash functions.Python模块提供安全哈希函数。