class RbNaCl::HMAC::SHA512
@see nacl.cr.yp.to/auth.html<br><br>can also create them.
This is a secret key authenticator, i.e. anyone who can verify signatures
signatures and also has a constant-time implementation for checking them.
the provided authenticator. The class provides methods for generating
the message by recomputing the HMAC over the message and then comparing it to
The authenticator can be used at a later time to verify the provenance of
Computes an authenticator as HMAC-SHA-512
def compute_authenticator(authenticator, message)
def compute_authenticator(authenticator, message) state = State.new self.class.auth_hmacsha512_init(state, key, key.bytesize) self.class.auth_hmacsha512_update(state, message, message.bytesize) self.class.auth_hmacsha512_final(state, authenticator) end
def digest
-
(String)- The authenticator, as raw bytes
def digest @authenticator end
def hexdigest
-
(String)- The authenticator, as hex string
def hexdigest @authenticator.unpack("H*").last end
def initialize(key)
The key for HMAC can be of any length.
RFC 2104 HMAC
Create instance without checking key length
def initialize(key) @key = Util.check_hmac_key(key, "#{self.class} key") @state = State.new @authenticator = Util.zeros(tag_bytes) self.class.auth_hmacsha512_init(@state, key, key.bytesize) end
def update(message)
Compute authenticator for message
def update(message) self.class.auth_hmacsha512_update(@state, message, message.bytesize) self.class.auth_hmacsha512_final(@state.clone, @authenticator) hexdigest end
def verify_message(authenticator, message)
libsodium crypto_auth_hmacsha512_verify works only for 32 byte keys
def verify_message(authenticator, message) correct = Util.zeros(BYTES) compute_authenticator(correct, message) Util.verify64(correct, authenticator) end