(Engine-Level Function)
| Description: | Calculates the hash-based message authentication code (HMAC) for a given key and input message. Supports incremental HMAC generation. |
| Returns: | Text |
Usage:  |
Script Only. |
| Function Groups: | Cryptography |
| Related to: | CryptRandom |
| Format: |
GenerateHMAC(Algorithm, Key, Message) |
| Parameters: |
| Algorithm |
|
Required text. The hash algorithm to use. Any of the Microsoft CNG hashing algorithms may be used, including "SHA1", "SHA256", "SHA384", "SHA512" and others. A list is available at https://msdn.microsoft.com/en-us/library/windows/desktop/aa375534(v=vs.85).aspx |
| Key |
| Required text. The text string key to use for the HMAC. |
| Message |
| Required text. The text string to use as the input message |
| HashHandle |
|
Optional. If the parameter is Invalid or omitted, GenerateHMAC simply generates the HMAC for the supplied buffer. If the parameter is present, it must be a variable that will be set to a hash handle holding the current hash value. This can then be passed in as the 4th parameter to a further call to GenerateHMAC to add the contents of another buffer to the HMAC |
| Comments | HMAC stands for keyed-Hash Message Authentication Code. |
Example:
CurrentHMAC = Invalid;
GenerateHMAC("SHA256", SigningKey, FirstBuffer, CurrentHMAC);
GenerateHMAC("SHA256", "", FirstBuffer, CurrentHMAC);
FinalHMAC = GenerateHMAC("SHA256", "", Invalid, CurrentHMAC);
Note that the first 3 parameters must be valid. In this example, SigningKey is a text string used to "seed" the HMAC. To continue an incremental HMAC, the Key parameter must be an empty string to indicate that the omission of a signing key is intentional. Passing Invalid for the Message (3rd) parameter completes the HMAC and returns the generated HMAC. Completing the HMAC invalidates the incremental HMAC value.
