hmac module and key format
redhatter at gentoo.org
Mon Feb 21 11:27:36 CET 2011
On Feb 21, 4:59 am, Peter Pearson <ppear... at nowhere.invalid> wrote:
> On Sun, 20 Feb 2011 04:01:20 -0800, Paul Rubin <no.em... at nospam.invalid> wrote:
> > Stuart Longland <redhat... at gentoo.org> writes:
> >> What format does hmac require the key to be in?
> > It's an arbitrary string.
> > I have a key in hexadecimal, do I give it the hex? Do I decode that
> > to binary and give it that?
> > Probably yes. Do you have test vectors? See if they work.
> Test case from http://www.faqs.org/rfcs/rfc2104.html:
> >>> hmac.hmac_md5( "Hi There", 16*"\x0b" )
No worries, thanks to both you Peter and Paul, I'll give this a shot.
By the looks of things it is possible to just decode the hexadecimal
to a binary string and give it that.
I should perhaps elaborate on what I'm doing in case the specifics
make a difference. I have a YubiKey which internally supports a
challenge-response mode based on HMAC-SHA1. I've got a key, a sample
challenge and the sample output which is included in the python-yubico
Before I worried about that though, I needed to have some kind of
understanding as to how the hmac module was used. "Arbitrary string",
sounds to me like I give it something akin to a passphrase, and that
is hashed(?) to provide the symmetric key for the HMAC. Wikipedia
seems to suggest it depends on the length of the key given, so if I
give it a string that's exactly 160-bits (for HMAC-SHA1) it'll use it
unmodified. Would that be a correct assertion?
More information about the Python-list