Hmac string

Purpose: Create HMAC.

 hmac-string <string> to <result> \
     key <key> \
     [ binary [ <binary> ] \
     [ digest <digest algorithm> ]

hmac-string produces by default a SHA256-based HMAC (Hash Message Authentication Code) of <string> (if "digest" clause is not used) using secret <key>, and stores the result into <result>.  You can use a different <digest algorithm> in "digest" clause (for example "SHA3-256"). To see a list of available digests:
#get digests
openssl list -digest-algorithms

If "binary" clause is used without boolean variable <binary>, or if <binary> evaluates to true, then the <result> is a binary string that may contain null-characters. With the default SHA256, it is 32 bytes in length, while for instance with SHA3-384 it is 48 bytes in length, etc.

Without "binary" clause, or if <binary> evaluates to false, each binary byte of HMAC is converted to two hexadecimal characters ("0"-"9" and "a"-"f"), hence <result> is twice as long as with "binary" clause.
Examples
String "result" will have a HMAC value of a given string, an example of which might look like "2d948cc89148ef96fa4f1876e74af4ce984423d355beb12f7fdba5383143bee0"
 hmac-string "some data" key "mykey" to result

Using a different digest:
 hmac-string "some data" key "mykey" to result digest "sha3-384"

Producing a binary value instead of a null-terminated hexadecimal string, and then making a Base64 string out of it:
 hmac-string "some data" key "mykey" digest "SHA256" to result binary
 encode-base64 result to bresult

See also
Encryption
decrypt-data  
derive-key  
encrypt-data  
hash-string  
hmac-string  
random-crypto  
random-string  
See all
documentation


Copyright (c) 2019-2025 Gliim LLC. All contents on this web site is "AS IS" without warranties or guarantees of any kind.