Hash-Based Message Authentication Code (HMAC) or Keyed-Hash Message Authentication Code
- is a specific type of message authentication code (MAC) involving a keyed hash function (i.e. a cryptographic hash function and a secret cryptographic key)
HMAC - Purpose
HMAC is used to simultaneously verify both:
- integrity - ensures message has not been tampered with
- authenticity - ensures message came from the stated sender
HMAC - Algorithm (How It Works)
In the calculation of an HMAC, any cryptographic hash function (e.g. MD or SHA) may be used. The resulting MAC algorithm is termed HMAC-X, where X is the hash function used (e.g. HMAC-SHA256 or HMAC-SHA3).
HMAC uses two passes of hash computation. The secret key is first used to derive two keys – inner and outer:
- 1st pass produces an internal hash derived from the message and the inner key
- 2nd pass produces the final HMAC code derived from the inner hash result and the outer key
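
The two passes described above, written out for HMAC-SHA256 as an added example (not code from the original page). The pad constants 0x36 and 0x5C and the key padding follow RFC 2104; the key and message are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def derive_pad_keys(key):
    """Derive the inner and outer keys from the secret key (RFC 2104)."""
    # Keys longer than one block are hashed first; shorter keys are
    # zero-padded so the result is always exactly one block long.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key)  # ipad
    outer_key = bytes(b ^ 0x5C for b in key)  # opad
    return inner_key, outer_key


def hmac_sha256(key, message):
    """Compute HMAC-SHA256 with the two hash passes made explicit."""
    inner_key, outer_key = derive_pad_keys(key)
    # 1st pass: internal hash over the inner key and the message.
    inner_hash = hashlib.sha256(inner_key + message).digest()
    # 2nd pass: final code over the outer key and the internal hash.
    return hashlib.sha256(outer_key + inner_hash).digest()


def verify(key, message, tag):
    """Check integrity and authenticity; the comparison is constant-time."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


# Constructed sample values for the demonstration.
KEY = b"constructed-demo-key"
MESSAGE = b"amount=100&to=alice"

if __name__ == "__main__":
    tag = hmac_sha256(KEY, MESSAGE)
    # The manual two-pass result matches the standard library.
    print(tag == hmac.new(KEY, MESSAGE, hashlib.sha256).digest())
    print(verify(KEY, MESSAGE, tag))                 # untouched message
    print(verify(KEY, b"amount=900&to=alice", tag))  # tampered message
    print(verify(b"some-other-key", MESSAGE, tag))   # wrong sender key
```

In production code use the library routine (here `hmac.new`) rather than a hand-written one; the manual version only exposes the structure.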