# hmac module

The hmac module implements Keyed-Hash Message Authentication Codes (HMAC), which are used to verify data integrity and authenticity using a shared secret key and a cryptographic hash function.

**Hashing alone (e.g., SHA-256) does not authenticate the sender. Anyone can hash the same message.**

**hmac solves this by:**

* Combining a secret key + message
* Producing a Message Authentication Code (MAC)

**This allows the receiver to verify:**

* The message was not modified
* The sender knew the secret key

| Feature         | Hash (`hashlib`) | HMAC (`hmac`) | Encryption |
| --------------- | ---------------- | ------------- | ---------- |
| Secret key      | ❌                | ✅             | ✅          |
| Authentication  | ❌                | ✅             | ✅          |
| Integrity check | ❌                | ✅             | ❌          |
| Reversible      | ❌                | ❌             | ✅          |


```python
import hmac
import hashlib
import time
```

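```python
def sign_in(secret_key, payload):
    """Generate HMAC signature for the given payload using the secret key."""
    # Bind the signature to the time of signing; the receiver needs this value to verify.
    timestamp = str(int(time.time()))
    body = payload + timestamp

    # secret_key must be bytes; the message is encoded to bytes before hashing.
    signature = hmac.new(
        key=secret_key,
        msg=body.encode(),
        digestmod=hashlib.sha256
    ).hexdigest()

    return signature, timestamp
```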

### Verifying HMAC Signature

```python
signatur, timest = sign_in(b'shra123456', '{"user":"shra1","action":"login"}')
signatur, timest
```

```
('957f12ef7751c3ae6f6a2f86e24dbc0a2e0b42c940c678411bb78826a94976cb',
 '1766238065')
```

```python
# Receiver side: recompute the MAC over the same payload + timestamp with the shared key.
expected_sign = hmac.new(
    key=b'shra123456',
    msg=b'{"user":"shra1","action":"login"}' + timest.encode(),
    digestmod=hashlib.sha256
)
```

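```python
# compare_digest compares in constant time, unlike ==, so timing does not leak where the values differ.
hmac.compare_digest(signatur, expected_sign.hexdigest())
```

```
True
```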
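The check above recomputes the MAC but never looks at how old the signed timestamp is, so the timestamp adds nothing unless the receiver enforces a freshness window. The following is an added example, not code from the original notebook: `sign`, `verify`, `MAX_AGE_SECONDS`, the 300-second window and the `now` parameter are assumptions chosen for illustration, and the body format (payload + timestamp) matches `sign_in` above.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 300  # assumed freshness window; tune to your clock skew and latency


def sign(secret_key: bytes, payload: str, timestamp: str) -> str:
    """Same construction as sign_in above: HMAC-SHA256 over payload + timestamp."""
    body = (payload + timestamp).encode()
    return hmac.new(secret_key, body, hashlib.sha256).hexdigest()


def verify(secret_key, payload, timestamp, signature, now=None, max_age=MAX_AGE_SECONDS):
    """Return (ok, reason). Checks the MAC first, then the timestamp's freshness."""
    expected = sign(secret_key, payload, timestamp)
    # Encode both sides: compare_digest raises TypeError on non-ASCII str input,
    # and a malformed signature should be rejected, not crash the verifier.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    # Only interpret the timestamp once the MAC shows it came from a key holder.
    try:
        ts = int(timestamp)
    except ValueError:
        return False, "malformed timestamp"
    now = int(time.time()) if now is None else now
    if abs(now - ts) > max_age:
        return False, "stale timestamp"
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    payload = '{"user":"shra1","action":"login"}'
    ts = str(int(time.time()))
    sig = sign(key, payload, ts)
    print(verify(key, payload, ts, sig))                      # fresh request
    print(verify(key, payload, ts, sig, now=int(ts) + 3600))  # same request an hour later
```
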

**hmac:** Provides message authentication by combining a secret key with a hash function to verify data integrity and authenticity.

**hashlib:** Generates cryptographic hash digests for data integrity, fingerprinting, and secure password derivation (without authentication by itself).

**secrets:** Generates cryptographically secure random values for tokens, passwords, and sensitive security-related data.