NaviServer - programmable web server
4.99  5.0

[ Main Table Of Contents | Table Of Contents | Keyword Index ]

ns_hmac(n) 5.0.0a naviserver "NaviServer Built-in Commands"

Name

ns_hmac - Returns a string containing a keyed-hash message authentication code (HMAC)

Table Of Contents

Synopsis

Description

These functions return a keyed-hash message authentication code (HMAC) for the specified key and message, using the specified message digest algorithm. An HMAC is a message authentication code of a key (secret) with a message. It may be used to simultaneously verify both the data integrity and the authentication of a message. For details of HMAC, consult RFC 4231.

The provided commands provide a one-step interface and an incremental interface, where the latter one can be used to incrementally compute a HMAC e.g. by reading data from a file. This is especially important for computing a HMAC on content which is too large to be kept in memory.

The listed commands are available in installations when NaviServer is compiled with OpenSSL support and where the NSF package is installed.

COMMANDS

ns_hmac string ?-digest digest? ?-encoding encoding? key message

key Secret in the HMAC computation.

message Data from which the HMAC is to be computed.

ns_hmac file ?-digest digest? ?-encoding encoding? key filename args

key Secret in the HMAC computation

filename Path of a file containing the data from which the HMAC is to be computed. The file is read incrementally. args Optional paths to other files to be processed. The resulting HMAC is calculated cumulatively.

ns_hmac new ?-digest digest? -key key

Create and return a new HMAC object for incremental operations. The option -digest defaults to "sha256" the option -key has to be always specified.

$hmac_object add data

Add data incrementally to the HMAC object, which was created previously with ns_hmac new.

$hmac_object get ?-encoding encoding?

Return the current HMAC value from the HMAC object, to which data was added previously with the method add.

$hmac_object destroy

Delete the HMAC object (used for incremental operations).

OPTIONS

-digest digest

Digest algorithm for the checksum computation. The available algorithms are implemented in OpenSSL. The current versions of OpenSSL supports the following message digest algorithms: "blake2b512 blake2s256 md4 md5 md5-sha1 mdc2 ripemd160 sha1 sha224 sha256 sha3-224 sha3-256 sha3-384 sha3-512 sha384 sha512 sha512-224 sha512-256 shake128 shake256 sm3 whirlpool". The default value is "sha256"

-encoding encoding

The option -encoding encoding specifies the output encoding used for the resulting values of the dict. Possible encodings are hex, base64url, base64, or binary. Default is hex.

  nscp 2> ns_hmac string -digest sha256 "Jefe" "what do ya want for nothing?"
  5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843

See Also

ns_crypt, ns_crypto, ns_hotp, ns_md, ns_md5, ns_rand, ns_sha, ns_sha1, ns_totp, nsd

Keywords

HMAC, crypto, encoding, nsf