Hash-based Message Authentication Code (HMAC)
Overview
This page contains recommendations for using a Hash-based message authentication code (HMAC).
General
Comply with requirements from the Cryptography: Hashing page when choosing a hash algorithm.
Comply with requirements from the Cryptography: Cryptographic Keys Management page when generating and storing a secret key.
Use secret keys of length 16+ bytes.
The length of a secret key does not exceed a hash block size.
Hash algorithm | Block size, bytes |
---|---|
SHA-256 | 64 |
SHA-512 | 128 |
SHA3-256 | 136 |
SHA3-512 | 72 |
You can use HMAC to check the integrity (signature) of messages between internal systems.
Do not use HMAC to integrate with a third-party system, use digital signatures.
Use HMAC based on hash algorithms from the
SHA-2
family.
HMAC implementation
Use the crypto/hmac package to calculate HMAC in Go.
Last updated