Keyed-Hashing for Message Authentication in python

PythonServer Side ProgrammingProgramming

Message authentication using cryptographic hash functions in python can be achieved through the HMAC mechanism. We can use HMAC with multiple iterable hash functions such as MD5, SHA-1 in combination with a secret shared key.

The basic idea is to secure our data, by generating a cryptographic hash of the actual data combined with a shared secret key. The final result is sent without the secret key but the resulting hash can be used to check the transmitted or stored message.

Syntax

hmac.new(key, msg = None, digestmod = None)

Returns a generate new hmac object.

Where −

  • Key – The shared secret key here.

  • Msg – the message to hash here the message to hash here

  • Digestmod – digest name or module for the HMAC object to use

Methods and Attributes of the HMAC module −

  • hmac.update(message)

    Used to update the hmac object using the given message. Messages will get appended if you call this method more than once.

  • hmac.digest()

    Return the digest of the bytes passed to the update() method so far.

  • hashlib.hexdigest()

    Like digest() except the digest is returned as a string twice the length containing only hexadecimal digits. This may be used to exchange the value safely in email or other non-binary environments.

  • haslib.copy()

    Return a copy (“clone”) of the hmac object.

Example1

Creating a hash, using the default MD5 hash algorithm.

 Live Demo

#Import libraries
import hashlib
import hmac
#data
update_bytes = b'Lorem ipsum dolor sit amet, consectetur adipiscing elit. \
   Suspendisse tristique condimentum viverra. Nulla accumsan \
   orci risus, non congue lacus feugiat id.'
#secret key
password = b'402xy5#'
#Generate cryptographic hash using md5
my_hmac = hmac.new(update_bytes, password, hashlib.md5)
print("The first digest: " + str(my_hmac.digest()))
print("The Canonical Name: " + my_hmac.name)
print("Block size: " + str (my_hmac.block_size) + "bytes")
print("Digest size: " + str(my_hmac.digest_size) + "bytes")
#Create a copy of the hmac object
my_hmac_cpy = my_hmac.copy()
print("The Copied digest: " + str(my_hmac_cpy.digest()))

Output

The first digest: b'H\xcc.nf\xdd\x8bC\x8di\x0cC\xb8\xe9l\xa8'
The Canonical Name: hmac-md5
Block size: 64bytes
Digest size: 16bytes
The Copied digest: b'H\xcc.nf\xdd\x8bC\x8di\x0cC\xb8\xe9l\xa8'

As SHA1 is considered more secure than MD5 algorithm and if you are thinking of running the above program using SHA1 algorithm. Just modify the algorithm name in this line,

my_hmac = hmac.new(update_bytes, password,hashlib.sha1)
and our result will be something like:

The first digest: b'\xc3T\xe7[\xc8\xa3O/$\xbd`A\xad\x07d\xe8\xae\xa2!\xb4'

The Canonical Name: hmac-sha1
Block size: 64bytes
Digest size: 20bytes
The Copied digest: b'\xc3T\xe7[\xc8\xa3O/$\xbd`A\xad\x07d\xe8\xae\xa2!\xb4'

Applications

HMAC authentication mechanism can be used in any place where security is important like public network services. For example, in public network we are sending an important file/data through a pipe or socket, that file/data should be signed and then the signature should be tested before the data is used.

raja
Published on 20-Feb-2019 10:21:15
Advertisements