虫术
目录

HMAC

关于 HMAC 哈希算法

HMAC 是密钥相关的哈希运算消息认证码(Hash-based Message Authentication Code)的缩写,是一种通过特别计算方式之后产生的消息认证码(MAC),使用密码散列函数,同时结合一个加密密钥。它可以用来保证资料的完整性,同时可以用来作某个消息的身份验证。简单来说,HMAC 算法就是在 MD5、SHA 两种加密的基础上引入了秘钥,其密文也和 MD5、SHA 类似,密文的长度和使用的 MD5、SHA 算法对应密文的长度是一样的,HMAC 可分为:

  • HMAC-MD5
  • HMAC-SHA-1
  • HMAC-SHA-224
  • HMAC-SHA-256
  • HMAC-SHA-384
  • HMAC-SHA-512
  • HMAC-SHA3-224
  • HMAC-SHA3-256
  • HMAC-SHA3-384
  • HMAC-SHA3-512
  • HMAC-RIPEMD-160

HMAC 维基百科 (opens new window)

# Python 3.0+

# 安装依赖 pip install pycryptodome

import hmac
import hashlib
from Crypto.Hash import RIPEMD


def hmac_hash(hash_key, hash_data, hash_algorithm):
    hmac_result = hmac.new(hash_key.encode(), hash_data.encode(), hash_algorithm)
    return hmac_result.hexdigest()


def hmac_hash_ripemd160(hash_key, hash_data):
    hmac_result = hmac.new(hash_key.encode(), hash_data.encode(), RIPEMD)
    return hmac_result.hexdigest()


key = "spiderapi"
data = "spiderapi.cn - 虫术"

print("HMAC-MD5 值: ", hmac_hash(key, data, hashlib.md5))            # b7fb775de287693efcdf4800328090ac
print("HMAC-SHA-1 值: ", hmac_hash(key, data, hashlib.sha1))         # 991cc6a5a76a7a329c6201bedd62794f1bef3cb7
print("HMAC-SHA-224 值: ", hmac_hash(key, data, hashlib.sha224))     # 149e19e357f991ce6e997ac7db69e61fa41b7b10fd26e07af83ef691
print("HMAC-SHA-256 值: ", hmac_hash(key, data, hashlib.sha256))     # ff605bd71b01d22f836ae60a622253d3e0761a4b275bf7952e061c419514c44e
print("HMAC-SHA-384 值: ", hmac_hash(key, data, hashlib.sha384))     # a78c0cb3bc0ecb27a7a4b9527f18b9fa9ea8bf625798bc3c225b3695e8f9cad52eb7d76e8a18b1bcf23d9f13d3eb65fe
print("HMAC-SHA-512 值: ", hmac_hash(key, data, hashlib.sha512))     # 668258a31cd742fef5c47511aa60d46998c62422d73470976c19c895c29b9f8a155fd8b7b95e534453b18294cf0064f30be9293fc9061421e3e8d30f1f7da886
print("HMAC-SHA3-224 值: ", hmac_hash(key, data, hashlib.sha3_224))  # 4ebea358ef7123734a9f585f9825d91a4779b2b69c8fb1218ad6850d
print("HMAC-SHA3-256 值: ", hmac_hash(key, data, hashlib.sha3_256))  # ab67f986a381d6992d773fddc2367b9592df5f19ea2c2a3d4c19291c5b1492d4
print("HMAC-SHA3-384 值: ", hmac_hash(key, data, hashlib.sha3_384))  # bb2da5b39030fd22e8b3acc4d34d7e78c7739b5dd740c51897009f49b5c8384de0f9b784bebddca13255f1956734a542
print("HMAC-SHA3-512 值: ", hmac_hash(key, data, hashlib.sha3_512))  # 75cc29368c86c102280b68ad64f09c5d90596f760fef39a331afadc5bcdc9ac70d17bbd02a3bb61c22e81f7cfcb12ed10ee094003b382262f68f1dcc074ff032
print("HMAC-RIPEMD-160 值: ", hmac_hash_ripemd160(key, data))        # 136838f8f725e801d76c1a376395884d1068d425
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

# JavaScript Node.js ECMAScript 5.1+

    var crypto = require("crypto");


function hmacHash(hashKey, hashData, hashAlgorithm) {
    var hmac = crypto.createHmac(hashAlgorithm, hashKey);
    hmac.update(hashData);
    return hmac.digest("hex");
}

var key = "spiderapi"
var data = "spiderapi.cn - 虫术";

console.log("HMAC-MD5 值: ", hmacHash(key, data, "md5"))               // b7fb775de287693efcdf4800328090ac
console.log("HMAC-SHA-1 值: ", hmacHash(key, data, "sha1"))            // 991cc6a5a76a7a329c6201bedd62794f1bef3cb7
console.log("HMAC-SHA-224 值: ", hmacHash(key, data, "sha224"))        // 149e19e357f991ce6e997ac7db69e61fa41b7b10fd26e07af83ef691
console.log("HMAC-SHA-256 值: ", hmacHash(key, data, "sha256"))        // ff605bd71b01d22f836ae60a622253d3e0761a4b275bf7952e061c419514c44e
console.log("HMAC-SHA-384 值: ", hmacHash(key, data, "sha384"))        // a78c0cb3bc0ecb27a7a4b9527f18b9fa9ea8bf625798bc3c225b3695e8f9cad52eb7d76e8a18b1bcf23d9f13d3eb65fe
console.log("HMAC-SHA-512 值: ", hmacHash(key, data, "sha512"))        // 668258a31cd742fef5c47511aa60d46998c62422d73470976c19c895c29b9f8a155fd8b7b95e534453b18294cf0064f30be9293fc9061421e3e8d30f1f7da886
console.log("HMAC-SHA3-224 值: ", hmacHash(key, data, "sha3-224"))     // 4ebea358ef7123734a9f585f9825d91a4779b2b69c8fb1218ad6850d
console.log("HMAC-SHA3-256 值: ", hmacHash(key, data, "sha3-256"))     // ab67f986a381d6992d773fddc2367b9592df5f19ea2c2a3d4c19291c5b1492d4
console.log("HMAC-SHA3-384 值: ", hmacHash(key, data, "sha3-384"))     // bb2da5b39030fd22e8b3acc4d34d7e78c7739b5dd740c51897009f49b5c8384de0f9b784bebddca13255f1956734a542
console.log("HMAC-SHA3-512 值: ", hmacHash(key, data, "sha3-512"))     // 75cc29368c86c102280b68ad64f09c5d90596f760fef39a331afadc5bcdc9ac70d17bbd02a3bb61c22e81f7cfcb12ed10ee094003b382262f68f1dcc074ff032
console.log("HMAC-RIPEMD-160 值: ", hmacHash(key, data, "ripemd160"))  // 136838f8f725e801d76c1a376395884d1068d425
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    // 安装依赖 npm install crypto-js
// crypto-js 不支持 HMAC-SHA3-224、HMAC-SHA3-256、HMAC-SHA3-384 和 HMAC-SHA3-512

var CryptoJS = require("crypto-js");

var key = "spiderapi"
var data = "spiderapi.cn - 虫术";

console.log("HMAC-MD5 值: ", CryptoJS.HmacMD5(data, key).toString())               // b7fb775de287693efcdf4800328090ac
console.log("HMAC-SHA-1 值: ", CryptoJS.HmacSHA1(data, key).toString())            // 991cc6a5a76a7a329c6201bedd62794f1bef3cb7
console.log("HMAC-SHA-224 值: ", CryptoJS.HmacSHA224(data, key).toString())        // 149e19e357f991ce6e997ac7db69e61fa41b7b10fd26e07af83ef691
console.log("HMAC-SHA-256 值: ", CryptoJS.HmacSHA256(data, key).toString())        // ff605bd71b01d22f836ae60a622253d3e0761a4b275bf7952e061c419514c44e
console.log("HMAC-SHA-384 值: ", CryptoJS.HmacSHA384(data, key).toString())        // a78c0cb3bc0ecb27a7a4b9527f18b9fa9ea8bf625798bc3c225b3695e8f9cad52eb7d76e8a18b1bcf23d9f13d3eb65fe
console.log("HMAC-SHA-512 值: ", CryptoJS.HmacSHA512(data, key).toString())        // 668258a31cd742fef5c47511aa60d46998c62422d73470976c19c895c29b9f8a155fd8b7b95e534453b18294cf0064f30be9293fc9061421e3e8d30f1f7da886
console.log("HMAC-RIPEMD-160 值: ", CryptoJS.HmacRIPEMD160(data, key).toString())  // 136838f8f725e801d76c1a376395884d1068d425
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    // Make sure to add code blocks to your code group

    # Golang 1.0+

    // 安装依赖:go get golang.org/x/crypto

package main

import (
    "crypto/hmac"
    "crypto/md5"
    "crypto/sha1"
    "crypto/sha256"
    "crypto/sha512"
    "encoding/hex"
    "fmt"
    "golang.org/x/crypto/ripemd160"
    "golang.org/x/crypto/sha3"
    "hash"
)

func hmacHash(hashKey, hashData string, hashAlgorithm func() hash.Hash) string {
    key := []byte(hashKey)
    data := []byte(hashData)
    h := hmac.New(hashAlgorithm, key)
    h.Write(data)
    return hex.EncodeToString(h.Sum(nil))
}

func main() {
    key := "spiderapi"
    data := "spiderapi.cn - 虫术"
  
    fmt.Println("HMAC-MD5 值: ", hmacHash(key, data, md5.New))              // b7fb775de287693efcdf4800328090ac
    fmt.Println("HMAC-SHA-1 值: ", hmacHash(key, data, sha1.New))           // 991cc6a5a76a7a329c6201bedd62794f1bef3cb7
    fmt.Println("HMAC-SHA-224 值: ", hmacHash(key, data, sha256.New224))    // 149e19e357f991ce6e997ac7db69e61fa41b7b10fd26e07af83ef691
    fmt.Println("HMAC-SHA-256 值: ", hmacHash(key, data, sha256.New))       // ff605bd71b01d22f836ae60a622253d3e0761a4b275bf7952e061c419514c44e
    fmt.Println("HMAC-SHA-384 值: ", hmacHash(key, data, sha512.New384))    // a78c0cb3bc0ecb27a7a4b9527f18b9fa9ea8bf625798bc3c225b3695e8f9cad52eb7d76e8a18b1bcf23d9f13d3eb65fe
    fmt.Println("HMAC-SHA-512 值: ", hmacHash(key, data, sha512.New))       // 668258a31cd742fef5c47511aa60d46998c62422d73470976c19c895c29b9f8a155fd8b7b95e534453b18294cf0064f30be9293fc9061421e3e8d30f1f7da886
    fmt.Println("HMAC-SHA3-224 值: ", hmacHash(key, data, sha3.New224))     // 4ebea358ef7123734a9f585f9825d91a4779b2b69c8fb1218ad6850d
    fmt.Println("HMAC-SHA3-256 值: ", hmacHash(key, data, sha3.New256))     // ab67f986a381d6992d773fddc2367b9592df5f19ea2c2a3d4c19291c5b1492d4
    fmt.Println("HMAC-SHA3-384 值: ", hmacHash(key, data, sha3.New384))     // bb2da5b39030fd22e8b3acc4d34d7e78c7739b5dd740c51897009f49b5c8384de0f9b784bebddca13255f1956734a542
    fmt.Println("HMAC-SHA3-512 值: ", hmacHash(key, data, sha3.New512))     // 75cc29368c86c102280b68ad64f09c5d90596f760fef39a331afadc5bcdc9ac70d17bbd02a3bb61c22e81f7cfcb12ed10ee094003b382262f68f1dcc074ff032
    fmt.Println("HMAC-RIPEMD-160 值: ", hmacHash(key, data, ripemd160.New)) // 136838f8f725e801d76c1a376395884d1068d425
}
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41

    # 主要特征

    由于 HMAC 算法就是在 MD5、SHA 两种算法的基础上引入了秘钥,所以其密文也和 MD5、SHA 类似,密文的长度和使用的 MD5、SHA 算法对应密文的长度是一样的。特征如下:

    • HMAC-MD5:字母(a-f)和数字(0-9)混合,位数一般为 32 位;
    • HMAC-SHA-1:字母(a-f)和数字(0-9)混合,固定位数 40 位;
    • HMAC-SHA-224 / HMAC-SHA3-224:字母(a-f)和数字(0-9)混合,固定位数 56 位;
    • HMAC-SHA-256 / HMAC-SHA3-256:字母(a-f)和数字(0-9)混合,固定位数 64 位;
    • HMAC-SHA-384 / HMAC-SHA3-384:字母(a-f)和数字(0-9)混合,固定位数 96 位;
    • HMAC-SHA-512 / HMAC-SHA3-512:字母(a-f)和数字(0-9)混合,固定位数 128 位;
    • HMAC-RIPEMD-160:字母(a-f)和数字(0-9)混合,固定位数 40 位。

    HMAC 和 SHA、MD5 的密文都很像,当无法确定是否为 HMAC 时,可以通过其名称搜索到加密方法,如果传入了密钥 key,说明就是 HMAC,当然你也可以直接当做是 SHA 或 MD5 来解,解密失败时就得考虑是否有密钥。

    示例(密钥 spiderapi):

    编码类型 示例
    明文 123456
    HMAC-MD5 58363adc66f92f49bd70aa62c2519e39
    HMAC-SHA-1 58dfa53888e3f5a5dfeafd74bc67428756bebc93
    HMAC-SHA-224 740839e11183a155bba6c309973ae361f5e41d82b0ab43500624391e
    HMAC-SHA-256 9182e7ff9430bc11321076680820198c4dd50c69b66c15db817961227c989ce0
    HMAC-SHA3-224 1d961ebaee1b4b78a64f3ca3c110a39284570c2bafdbff14eb2e5a59
    HMAC-SHA3-256 60f454d239b616f44163c6e236eb7b5e4a12192509482345be5721cd93b977da
    HMAC-RIPEMD-160 10af3008f6a808770d7ff2a473ae295e70e8b929

    # 在线工具

    帮助我们改善此页 (opens new window)
    上次更新: 2025/04/22, 14:38:07
    MD5
    SHA

    SHA

    ICP 备案 鄂ICP备19003281号-9MPS 公网安备 鄂公网安备42280202422959Theme by Vdoing Theme VdoingTencent EdgeOne Tencent EdgeOne51la 网站统计

    Copyright © 2023 - 2025 WuKong Security.正在载入网站运行时间...