Questions tagged [hmac]

In cryptography, HMAC (Hash-based Message Authentication Code) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output length in bits and on the size and quality of the cryptographic key.

An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function. For example, MD5 and SHA-1 operate on 512-bit blocks. The size of the output of HMAC is the same as that of the underlying hash function (128 or 160 bits in the case of MD5 or SHA-1, respectively), although it can be truncated if desired.

The definition and analysis of the HMAC construction was first published in 1996 by Mihir Bellare, Ran Canetti, and Hugo Krawczyk, who also wrote RFC 2104. This paper also defined a variant called NMAC that is rarely if ever used. FIPS PUB 198 generalizes and standardizes the use of HMACs. HMAC-SHA-1 and HMAC-MD5 are used within the IPsec and TLS protocols.

Source: Wikipedia

An example of calculating a HMAC-SHA256 in Java:

byte[] expectedResult = { /* Expected HMAC result from a prior run */
        96, 21, 116, 11, 4, -51, -115, -20, 104, 18, 117, -75, 3, -100, 126,
        -89, -22, 120, -120, 30, 102, 104, -125, -120, -62, 111, -75,
        24, 14, 62, 48, -65 };

byte[] secret = "your eyes only".getBytes();
String algorithm = "HmacSha256";

SecretKeySpec signingKey = new SecretKeySpec(secret, algorithm);

// Init HMAC usign secret
Mac hmac = Mac.getInstance(algorithm);
hmac.init(signingKey);

// Run message through HMAC and calculate result
byte[] message = "Don't tamper with me".getBytes();
byte[] macOutput = hmac.doFinal(message);

// Compare HMAC output to expected result
// A message that has been altered will not be equal
assertTrue(Arrays.equals(macOutput, expectedResult));

1439 questions

votes

2 answers

Generate HMAC SHA256 signature Python

Trying to generate HMAC SHA256 signature for 3Commas, I use the same parameters from the official example, it should generate: "30f678a157230290e00475cfffccbc92ae3659d94c145a2c0e9d0fa28f41c11a" But I…

python python-3.x hmac

asked Dec 24 '18 at 08:14

Sky

votes

3 answers

Difference between HMACSHA256 and HMACSHA512

We are using the below code to generate a HMac hash against a sensitive value in C# public string GenerateHMac(string key, string message) { var decodedKey = Convert.FromBase64String(key); var hasher = new HMACSHA256(decodedKey); var…

c# security cryptography hmac

asked Aug 06 '13 at 12:40

Luke Merrett

5,724
8
38
70

votes

3 answers

xcode ios HMAC SHA 256 hashing

So I'm trying to figure out how to do a hmacshad256 hash on ios as that's the hash I did for the wcf service api I made. I've been trying to look for some info about it but would usually just end up getting a SHA-256 hash. This is the only…

ios objective-c cryptography hmac sha256

asked Jan 25 '13 at 05:58

gdubs

2,724
9
55
102

votes

3 answers

basics of python encryption w/ hashlib sha1

I'm struggling to fully understand how encryption works and is coded, particularly with python. I'm just trying to get the basics down and create code in the simplest form. I'm going to be passing a userID between two different sites, but obviously…

python cryptography sha1 hmac hashlib

asked Jan 27 '11 at 18:02

adam

3,498
6
34
46

votes

1 answer

How to generate HMAC-SHA256 in .Net Core?

I am using this page to generate some test HMAC-SHA256 hashes for some texts: https://www.liavaag.org/English/SHA-Generator/HMAC/ However, when I try to use the approach in this MSDN guide in my .Net Core project, I do not get the same results.…

c# hash asp.net-core .net-core hmac

asked Dec 07 '17 at 02:36

Mohammed Noureldin

14,913
17
70
99

votes

4 answers

HMAC SHA256 in Swift 4

I have a string and a key, which i want to generate an HMAC SHA256 from it. Although i'm using 2 libs IDZSwiftCommonCrypto and CryptoSwift and this answer Nothing really worked for me. My source of truth are those 2…

swift cryptography swift4 hmac cryptoswift

asked Oct 12 '18 at 17:59

Konstantinos Natsios

2,874
9
39
74

votes

2 answers

Why does encrypting HMAC-SHA1 in exactly the same code in C# and PowerShell show different results?

I've been trying to encrypt a Amazon S3-like authorization key with HMAC-SHA1 in PowerShell with the following code: $str="PUT\n\napplication/x-zip-compressed\nThu, 09 Feb 2017 08:59:43…

c# powershell sha1 hmac

asked Feb 10 '17 at 02:18

Aries

votes

2 answers

React-Native + crypto : How to generate HMAC in React-Native?

I have tried crypto, which obviously doesn't work because it depends on node running. So, I turned to crypto-browserify, but I believe there are dependency issues. If anyone could help, I'd be much appreciative. For reference, I previously used…

cryptography react-native hmac

asked Oct 23 '15 at 22:25

Kelsey

votes

2 answers

Need to generate HMAC SHA256 hash in Objective C as in Java

I need to generate a hash using HMAC SHA256. I am using the following code in Java. I need an equivalent code in Objective-C. javax.crypto.Mac mac = javax.crypto.Mac.getInstance(type); javax.crypto.spec.SecretKeySpec secret = new…

java objective-c hash hmac

asked Dec 10 '11 at 18:39

Tushar

1,242
1
8
19

votes

1 answer

Create OAuth Signature with HMAC-SHA1 Encryption returns HTTP 401

The Question I need to authenticate to an API which needs OAuth encryption. I'm in the right direction but I am sure something is wrong with my signature base string. Since the HMACSHA1 Hash is based on a Key and BaseString, I get a wrong…

c# .net http oauth hmac

asked Jun 08 '15 at 09:56

Nick Prozee

2,823
4
22
49

votes

1 answer

Confused how to use AES and HMAC

I'm a little bit confused how to use AES and HMAC (based on SHA-256) in a proper way when transmitting the encrypted message from server to client or vice versa Correct me please if the following method is wrong: Take the secure key from the key…

cryptography aes hmac

asked Apr 23 '12 at 11:09

Valentin

votes

3 answers

AES256 CBC + HMAC SHA256 ensuring confidentiality and authentication?

I'm thinking of using AES256 CBC + HMAC SHA-256 as a building block for messages that ensures both confidentiality and authentication. In particular, consider this scenario: Alice is possession a public key belonging to Bob (the key exchange and…

security cryptography hmac aes

asked Mar 08 '11 at 16:17

Nuoji

3,438
2
21
35

votes

3 answers

HMAC authentication via Postman

I'm using an example for setting up HMAC authentication for a Web API project. The original example source code/project is available here: http://bitoftech.net/2014/12/15/secure-asp-net-web-api-using-api-key-authentication-hmac-authentication/ I'm…

c# security postman hmac

asked Jul 23 '18 at 09:43

Sulphy

votes

3 answers

HMAC security - Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?

Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?

cryptography sha1 hashcode hmac cryptographic-hash-function

asked Jul 26 '10 at 11:53

Daniel Gartmann

11,678
12
45
60

votes

3 answers

Why is ComputeHash not acting deterministically?

I've run into an interesting issue.. It seems that ComputeHash() for a "HMACSHA256" hash is not behaving deterministically.. if I create two instances of HashAlgorithm using HashAlgorithm.Create("HMACSHA256").. And run ComputeHash, I get two…

c# .net hmac hashalgorithm

asked Jul 06 '10 at 13:14

Josh Handel

1,690
2
13
21

Prev 1 2

…

95 96 Next