<h1>Table of Contents<span class="tocSkip"></span></h1>
<div class="toc"><ul class="toc-item"><li><span><a href="#Imports" data-toc-modified-id="Imports-1"><span class="toc-item-num">1&nbsp;&nbsp;</span>Imports</a></span></li><li><span><a href="#Generate-random-secret" data-toc-modified-id="Generate-random-secret-2"><span class="toc-item-num">2&nbsp;&nbsp;</span>Generate random secret</a></span></li><li><span><a href="#Use-secret-in-HMAC-hash" data-toc-modified-id="Use-secret-in-HMAC-hash-3"><span class="toc-item-num">3&nbsp;&nbsp;</span>Use secret in HMAC hash</a></span></li></ul></div>

# Imports

In [None]:
# use Python 3.6 secrets package
import hashlib
import math
import secrets
import sys

# Generate random secret

- Back to [Tabe of Contents](#Table-of-Contents)

In [None]:
# Create random hexadecimal token of default size (32 bytes, 64 hex digits)
token_hex = secrets.token_hex()
print( "token: " + token_hex + "; length = " + str( len( token_hex ) ) )

In [None]:
# convert to integer
token_int = int( token_hex, 16 )
print( "Default token int: " + str( token_int ) )

In [None]:
# get bit count
token_bit_count = token_int.bit_length()
print( "token bit count = " + str( token_bit_count ) )

In [None]:
# get byte count
token_byte_count = token_bit_count / 8
token_byte_count = math.ceil( token_byte_count )
token_byte_count = int( token_byte_count )
print( "token byte count = " + str( token_byte_count ) )

In [None]:
# convert to bytes
token_bytes = token_int.to_bytes( token_byte_count, byteorder = sys.byteorder )
print( "token bytes = " + str( token_bytes ) )

In [None]:
# hash to create salt value
salt_hash = hashlib.sha256( token_bytes )
salt = salt_hash.hexdigest()
print( "salt (not including quotation marks): \"" + str( salt ) + "\"; type = " + str( type( salt ) ) )

# Use secret in HMAC hash

- Back to [Table of Contents](#Table-of-Contents)

At this point, we will use a different, less rigorously generated secret ("fakedata", from all the examples), and show how you take a secret and use it in an HMAC hash in Python.

In [None]:
# what is our secret?
value_IN = "fakedata"

# get hasher
sha256_instance = hashlib.sha256()

# encode to utf-8, then put the secret in the SHA256 hasher.
encoded_passphrase = value_IN.encode( "utf-8" )
sha256_instance.update( encoded_passphrase )

# get hash as digest (byte array)
passphrase_hash = sha256_instance.digest()
print( "digest(): {}".format( passphrase_hash ) )

# get hash as hexdigest (byte array)
passphrase_hash_hex = sha256_instance.hexdigest()
print( "hexdigest(): {}".format( passphrase_hash_hex ) )

In [None]:
# byte array secret and encoded message (each is required)
import hmac
message = "123456789"
encoded_message = message.encode( "utf-8" )
hmac_key = passphrase_hash
hmac_instance = hmac.new( hmac_key, encoded_message, digestmod = hashlib.sha256 )
hashed_value = hmac_instance.hexdigest()
print( "Hash of {}: {}".format( message, hashed_value )  )