

62.2.4 Message Authentication Codes (aka keyed hashes)

Ordinary message digests only verify data integrity, while HMACs can verify both the integrity and the authenticity of a message at the same time. This is accomplished by using a secret key: once two parties have agreed upon a common secret key, one of them can verify that a message hash was indeed computed by the other one.

Function: ossl-hmac digest message password

Return the message authentication code of message using the hash function digest and the key password.

Note: You probably want to put a wrapping encoder function (like base16-encode-string) around it, since this returns binary string data.

Unlike public-key cryptography, this technique requires a new secret key for each pair of parties that want to communicate. On the other hand, the technique works symmetrically, that is, the same function can be used both for generating and for verifying a keyed message digest.

(base16-encode-string
 (ossl-hmac 'SHA512 "string to hash" "secret"))
  ⇒ "62351dfae2030fb28058a2aeba6ce3597d803575c120109ed6cfee240d7
      50e71ffff1d8dfc8d52e666549dcb6ba95fb4d550bdc9f31178c19fecb4
      30ddb7b565"
;; now hashing with a false password
(base16-encode-string
 (ossl-hmac 'SHA512 "string to hash" "false"))
  ⇒ "44afb8f67ea7f66693e891e79b7295569163e3e6faebd47d2a63e564778
      c72221cbb4cdff01ff1052ea98d2058f33c1ecf48f0c45bb64e526a81d8
      f389436ab0"
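
The verifying side of the symmetric use described above, as an added example that is not part of the SXEmacs manual: the receiver recomputes the tag with the shared key and compares it to the received one without stopping at the first mismatch. The my- functions are hypothetical helper names, and the message and key are constructed sample data; only ossl-hmac and base16-encode-string come from this page.

```emacs-lisp
;; Added example, not from the SXEmacs manual.  The my- names are
;; hypothetical helpers; ossl-hmac and base16-encode-string are the
;; functions documented on this page.

(defun my-hmac-tag (message key)
  "Return the hex-encoded HMAC-SHA512 tag of MESSAGE under KEY."
  (base16-encode-string (ossl-hmac 'SHA512 message key)))

(defun my-tag-equal (a b)
  "Return t if the strings A and B are equal.
Every position is examined even after a mismatch, so the comparison
does not finish earlier when the first difference is near the front."
  (and (= (length a) (length b))
       (let ((diff 0)
             (i 0)
             (n (length a)))
         (while (< i n)
           ;; Accumulate the XOR of each character pair; any
           ;; difference leaves at least one bit set in DIFF.
           (setq diff (logior diff
                              (logxor (char-to-int (aref a i))
                                      (char-to-int (aref b i))))
                 i (1+ i)))
         (= diff 0))))

(defun my-hmac-verify (message tag key)
  "Return t if TAG is the hex HMAC-SHA512 tag of MESSAGE under KEY."
  (my-tag-equal (my-hmac-tag message key) tag))

;; Sender and receiver share the key "secret" (constructed sample data).
(let* ((key "secret")
       (msg "string to hash")
       (tag (my-hmac-tag msg key)))
  (list (my-hmac-verify msg tag key)               ; unmodified message
        (my-hmac-verify "string to hasH" tag key)  ; altered message
        (my-hmac-verify msg tag "false")))         ; wrong key
```

Only the first check in the final list should succeed; an altered message or a different key yields a tag that does not match.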