Hash-Based Algorithms

Hash-based algorithms extend hash functions for cryptographic purposes:

  • HMAC (Hash-based Message Authentication Code) provides message authentication and integrity using a shared key.

  • HKDF (HMAC-based Key Derivation Function) derives secure cryptographic keys from a source key material. These are widely used in secure communications and key management.

pycrypt.hash.hmac(key, message, hash=<class 'pycrypt.hash.sha.variants.SHA256'>)[source]

Compute HMAC (Hash-based Message Authentication Code) for a message.

HMAC combines a secret key with a cryptographic hash function to produce a message authentication code, which can be used for integrity and authenticity checks.

Example

>>> key = b"secret"
>>> msg = b"hello world"
>>> hmac(key, msg).hex()
'...'  # 64-character hex for SHA-256
Parameters:

  • key (bytes) – Secret key.

  • message (bytes) – Input message to authenticate.

  • hash (class, optional) – Hash function class (default is SHA256).

Returns:

The HMAC digest.

Return type:

bytes

pycrypt.hash.hkdf(ikm, length, salt=b'', info=b'', hash=<class 'pycrypt.hash.sha.variants.SHA256'>)[source]

Derive cryptographic keys using HKDF (HMAC-based Key Derivation Function).

HKDF extracts a pseudorandom key from input keying material and expands it to the desired output length using HMAC.

Example

>>> ikm = b"input key material"
>>> hkdf(ikm, 32).hex()
'...'  # 64-character hex for 32-byte derived key
Parameters:

  • ikm (bytes) – Input keying material.

  • length (int) – Desired length of output keying material in bytes.

  • salt (bytes, optional) – Optional salt value (default is empty).

  • info (bytes, optional) – Context/application-specific info (default is empty).

  • hash (class, optional) – Hash function class (default is SHA256).

Returns:

Derived key of specified length.

Return type:

bytes