Hash-based Message Authentication Codes

[https://en.wikipedia.org/wiki/HMAC]

In cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and authenticity of a message.

C API Documentation

pgsodium provides hmacsha512 and hmacsha256, only 512-bit examples are provided below, the 256-bit API is identical but using names like crypto_auth_hmacsha256_*.

%load_ext sql
%config SqlMagic.feedback=False
%config SqlMagic.displaycon=False
%sql postgresql://postgres@/
%%sql 
CREATE EXTENSION IF NOT EXISTS pgsodium;
[]

crypto_auth_hmacsha512_keygen()

key = %sql select pgsodium.crypto_auth_hmacsha512_keygen()
key = key[0][0].tobytes()
print(key)
b'|\'\x88\xf1\x88\x82\x8b\xcb"O\x1a\'\xb8#c\xa6f\x1ag\x05nx5\xc2\xe5u8</\xa0\xbd\x18'

crypto_auth_hmacsha512(message bytea, key bytea)

signature = %sql select pgsodium.crypto_auth_hmacsha512('this is authentic', :key)
signature = signature[0][0].tobytes()
print(signature)
b'2\xae\x9d_\xb2\xaf\xf1\x08tq2\x97V*\xb1\x10\xb6b\xb1s\xcc\x06\x95\x12\x9f\xfb\xbc\x07-L]m\x88\\\x80\x98\x8cHc\xbd\x96\xe5\xb1\xd9{\x17\x1eP\x11^\xc3\x1f\x89\xb7\xacL&\x12\xd7\xefr\xe7j8'

crypto_auth_hmacsha512_verify(signature bytea, message bytea, key bytea)

verify = %sql select pgsodium.crypto_auth_hmacsha512_verify(:signature, 'this is authentic', :key)
print(verify)
+-------------------------------+
| crypto_auth_hmacsha512_verify |
+-------------------------------+
|              True             |
+-------------------------------+