NAME¶

hmac-string - (encryption)

PURPOSE¶

Create HMAC.

SYNTAX¶

hmac-string <string> to <result> \


    key <key> \


    [ binary [ <binary> ] \


    [ digest <digest algorithm> ]

DESCRIPTION¶

hmac-string produces by default a SHA256-based HMAC (Hash Message Authentication Code) of <string> (if "digest" clause is not used) using secret <key>, and stores the result into <result>. You can use a different <digest algorithm> in "digest" clause (for example "SHA3-256"). To see a list of available digests:

#get digests
openssl list -digest-algorithms

If "binary" clause is used without boolean variable <binary>, or if <binary> evaluates to true, then the <result> is a binary string that may contain null-characters. With the default SHA256, it is 32 bytes in length, while for instance with SHA3-384 it is 48 bytes in length, etc.

Without "binary" clause, or if <binary> evaluates to false, each binary byte of HMAC is converted to two hexadecimal characters ("0"-"9" and "a"-"f"), hence <result> is twice as long as with "binary" clause.

EXAMPLES¶

String "result" will have a HMAC value of a given string, an example of which might look like "2d948cc89148ef96fa4f1876e74af4ce984423d355beb12f7fdba5383143bee0"

hmac-string "some data" key "mykey" to result

Using a different digest:

hmac-string "some data" key "mykey" to result digest "sha3-384"

Producing a binary value instead of a null-terminated hexadecimal string, and then making a Base64 string out of it:

hmac-string "some data" key "mykey" digest "SHA256" to result binary
encode-base64 result to bresult

SEE ALSO¶

Encryption

decrypt-data derive-key encrypt-data hash-string hmac-string random-crypto random-string See all documentation