
62.2.4 Message Authentication Codes (aka keyed hashes)

Ordinary message digests only offer data integrity verification, while HMACs may be used to verify both the data integrity and the authenticity of a message at the same time. This is accomplished by using a secret key. Whenever two parties have agreed upon a common secret key, one of them can verify that a message hash was indeed computed by the other one.

Function: ossl-hmac digest message password

Return the message authentication code of message using the hash function digest and the key password.

Note: You probably want to put a wrapping encoder function (like base16-encode-string) around it, since this returns binary string data.

Unlike in public-key cryptography, this technique requires a new secret key for any two parties which want to communicate. On the other hand, this technique works symmetrically, that is, the same function can be used for both generating and verifying a keyed message digest.

 (base16-encode-string
  (ossl-hmac 'SHA512 "string to hash" "secret"))
   ⇒ "62351dfae2030fb28058a2aeba6ce3597d803575c120109ed6cfee240d7
 ;; now hashing with a false password
 (base16-encode-string
  (ossl-hmac 'SHA512 "string to hash" "false"))
   ⇒ "44afb8f67ea7f66693e891e79b7295569163e3e6faebd47d2a63e564778
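
Verifying a keyed digest, as described above, means recomputing the tag with the shared key and comparing it with the tag that arrived with the message. The following is an added example, not part of the SXEmacs manual: the my-* helper names and the sample strings are made up for illustration, and the comparison walks every character instead of stopping at the first mismatch.

```elisp
;; Added example, not from the SXEmacs manual.  The my-* names are
;; hypothetical helpers; ossl-hmac and base16-encode-string are the
;; functions documented above.

(defun my-hmac-tag (message key)
  "Return the hex-encoded HMAC-SHA512 tag of MESSAGE under KEY."
  (base16-encode-string (ossl-hmac 'SHA512 message key)))

(defun my-string-equal-no-shortcut (a b)
  "Return non-nil if strings A and B are equal.
Every character is compared even after a mismatch, so the running
time does not reveal how long a matching prefix of the tag was."
  (and (= (length a) (length b))
       (let ((diff 0)
             (i 0)
             (n (length a)))
         (while (< i n)
           ;; Accumulate any differing bits; never leave the loop early.
           (setq diff (logior diff
                              (logxor (char-to-int (aref a i))
                                      (char-to-int (aref b i))))
                 i (1+ i)))
         (= diff 0))))

(defun my-hmac-verify (message key tag)
  "Return non-nil if TAG is the HMAC-SHA512 of MESSAGE under KEY.
TAG is the hex string the sender attached to MESSAGE."
  (my-string-equal-no-shortcut (my-hmac-tag message key) tag))

;; Constructed sample data: sender and receiver share `key'.
(let* ((key "secret")
       (message "string to hash")
       (tag (my-hmac-tag message key)))        ; sender side
  (list
   (my-hmac-verify message key tag)            ; untouched message
   (my-hmac-verify "string to hasH" key tag)   ; message altered in transit
   (my-hmac-verify message "false" tag)))      ; receiver holds a different key
```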