hmac module and key format
Stuart Longland
redhatter at gentoo.org
Mon Feb 21 05:27:36 EST 2011
On Feb 21, 4:59 am, Peter Pearson <ppear... at nowhere.invalid> wrote:
> On Sun, 20 Feb 2011 04:01:20 -0800, Paul Rubin <no.em... at nospam.invalid> wrote:
> > Stuart Longland <redhat... at gentoo.org> writes:
> >> What format does hmac require the key to be in?
>
> > It's an arbitrary string.
>
> > I have a key in hexadecimal, do I give it the hex? Do I decode that
> > to binary and give it that?
>
> > Probably yes. Do you have test vectors? See if they work.
>
> Test case from http://www.faqs.org/rfcs/rfc2104.html:
[...]
> >>> hmac.hmac_md5( "Hi There", 16*"\x0b" )
>
> '\x92\x94rz68\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d'

No worries, thanks to both you Peter and Paul, I'll give this a shot.
By the looks of things it is possible to just decode the hexadecimal
to a binary string and give it that.

I should perhaps elaborate on what I'm doing in case the specifics
make a difference. I have a YubiKey which internally supports a
challenge-response mode based on HMAC-SHA1. I've got a key, a sample
challenge and the sample output which is included in the python-yubico
module demos:

https://github.com/yubico/python-yubico

Before I worried about that though, I needed to have some kind of
understanding as to how the hmac module was used. "Arbitrary string",
sounds to me like I give it something akin to a passphrase, and that
is hashed(?) to provide the symmetric key for the HMAC. Wikipedia
seems to suggest it depends on the length of the key given, so if I
give it a string that's exactly 160-bits (for HMAC-SHA1) it'll use it
unmodified. Would that be a correct assertion?
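
Added example, not part of the original thread and not python-yubico code: the key handling discussed above, written against the Python 3 standard-library hmac module and checked with the RFC 2104 HMAC-MD5 vector quoted in the thread plus the matching HMAC-SHA1 vector from RFC 2202. The helper names (hmac_manual, mac_from_hex_key, verify_mac) are hypothetical; no YubiKey secret or challenge is used because none appears on the page.

```python
import hashlib
import hmac


def hmac_manual(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC written out step by step (RFC 2104) to show how the key is treated."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5 and SHA-1
    if len(key) > block_size:
        # Only a key longer than one hash block is hashed first.
        key = hashlib.new(hash_name, key).digest()
    # Anything shorter, a 20-byte (160-bit) key included, is zero-padded, not hashed.
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def mac_from_hex_key(hex_key: str, msg: bytes, hash_name: str = "sha1") -> bytes:
    """Decode the hex key to raw bytes, then let the standard library compute the MAC."""
    return hmac.new(bytes.fromhex(hex_key), msg, hash_name).digest()


def verify_mac(hex_key: str, msg: bytes, expected_hex: str, hash_name: str = "sha1") -> bool:
    """Constant-time comparison against an expected MAC given in hex."""
    actual = mac_from_hex_key(hex_key, msg, hash_name)
    return hmac.compare_digest(actual, bytes.fromhex(expected_hex))


# Published test vectors (message "Hi There", key bytes all 0x0b).
RFC2104_MD5 = ("0b" * 16, "9294727a3638bb1c13f48ef8158bfc9d")
RFC2202_SHA1 = ("0b" * 20, "b617318655057264e28bc0b6fb378c8ef146be00")

if __name__ == "__main__":
    msg = b"Hi There"
    print("MD5 vector ok: ", verify_mac(RFC2104_MD5[0], msg, RFC2104_MD5[1], "md5"))
    print("SHA1 vector ok:", verify_mac(RFC2202_SHA1[0], msg, RFC2202_SHA1[1]))
    # Passing the hex text itself as the key yields a different, wrong MAC.
    wrong = hmac.new(RFC2202_SHA1[0].encode(), msg, "sha1").hexdigest()
    print("hex text as key:", wrong)
```
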