On Feb 21, 4:59 am, Peter Pearson <ppear...@nowhere.invalid> wrote: > On Sun, 20 Feb 2011 04:01:20 -0800, Paul Rubin <no.em...@nospam.invalid> > wrote: > > Stuart Longland <redhat...@gentoo.org> writes: > >> What format does hmac require the key to be in? > > > It's an arbitrary string. > > > I have a key in hexadecimal, do I give it the hex? Do I decode that > > to binary and give it that? > > > Probably yes. Do you have test vectors? See if they work. > > Test case from http://www.faqs.org/rfcs/rfc2104.html: [...] > >>> hmac.hmac_md5( "Hi There", 16*"\x0b" ) > > '\x92\x94rz68\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d'
No worries, thanks to both you Peter and Paul, I'll give this a shot. By the looks of things it is possible to just decode the hexadecimal to a binary string and give it that. I should perhaps elaborate on what I'm doing in case the specifics make a difference. I have a YubiKey which internally supports a challenge-response mode based on HMAC-SHA1. I've got a key, a sample challenge and the sample output which is included in the python-yubico module demos: https://github.com/yubico/python-yubico Before I worried about that though, I needed to have some kind of understanding as to how the hmac module was used. "Arbitrary string", sounds to me like I give it something akin to a passphrase, and that is hashed(?) to provide the symmetric key for the HMAC. Wikipedia seems to suggest it depends on the length of the key given, so if I give it a string that's exactly 160-bits (for HMAC-SHA1) it'll use it unmodified. Would that be a correct assertion? -- http://mail.python.org/mailman/listinfo/python-list