HMAC (Hash-based message authentication codes)

HMAC stands for hash-based message authentication code. It is often used in communication between a server and a client.

  1. The server and client are both provided with a secret key known only by that specific server and client.
  2. The client generates a unique HMAC, or hash, per request to the server by hashing the request data with the secret key, and sends it as part of the request.
  3. The server receives the request, regenerates its own HMAC, and compares the two HMACs. If they’re equal, the client is trusted and the request is executed.
  4. The whole process is well described here by Amazon.
  5. RFC 2104 – HMAC: Keyed-Hashing for Message Authentication
  6. Example code for creating HMAC-SHA256.
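
Steps 1 to 3 as an added example (not code from the original post or from the linked references), using Python's standard `hmac` module. The key, the request fields and the length-prefixed `canonical_request` layout are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample key (step 1); a real key is random and provisioned out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical_request(method: str, path: str, body: bytes) -> bytes:
    """Serialize the request fields unambiguously (hypothetical layout).

    Each field is length-prefixed so that ("GET", "/a", b"b") and
    ("GET", "/ab", b"") cannot collapse into the same byte string.
    """
    parts = [method.upper().encode(), path.encode(), body]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def sign_request(key: bytes, method: str, path: str, body: bytes) -> str:
    """Client side (step 2): HMAC-SHA256 over the request data, hex-encoded."""
    msg = canonical_request(method, path, body)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_request(key: bytes, method: str, path: str, body: bytes, tag: str) -> bool:
    """Server side (step 3): recompute the HMAC and compare in constant time."""
    expected = sign_request(key, method, path, body)
    # compare_digest does not leak how many leading bytes matched; encoding
    # to bytes first means a non-ASCII tag is rejected instead of raising.
    return hmac.compare_digest(expected.encode(), tag.encode())


if __name__ == "__main__":
    body = b'{"amount": 10, "to": "alice"}'  # constructed sample request body
    tag = sign_request(SHARED_KEY, "POST", "/transfer", body)
    print("tag:", tag)
    print("genuine:", verify_request(SHARED_KEY, "POST", "/transfer", body, tag))
    tampered = b'{"amount": 9999, "to": "alice"}'
    print("tampered:", verify_request(SHARED_KEY, "POST", "/transfer", tampered, tag))
    print("wrong key:", verify_request(b"other-key", "POST", "/transfer", body, tag))
```

The server must rebuild the message from the bytes it actually received; any field left out of the signed data can be changed in transit without invalidating the HMAC.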

Author: aerodc

Software Engineer