Functions
hmac-sha256 core
fn (key: Str | Bytes, data: Str | Bytes): StrHMAC-SHA256 message authentication code. Returns hex-encoded 64-character string. Essential for AWS Signature v4, webhook verification, and API authentication.
Example
hmac-sha256("secret-key", "message to sign")
// 64-character hex string
// AWS Signature v4 key derivation chain
k-date hmac-sha256-bytes(`AWS4${secret}`, date)
k-region hmac-sha256-bytes(k-date, region)
k-service hmac-sha256-bytes(k-region, service)
k-signing hmac-sha256-bytes(k-service, "aws4_request")
hmac-sha256-bytes core
fn (key: Str | Bytes, data: Str | Bytes): BytesHMAC-SHA256 returning raw bytes instead of hex. Useful for chained HMAC operations like AWS Signature v4.
Example
// Chain HMACs for key derivation
k-date hmac-sha256-bytes(`AWS4${secret}`, "20231215")
k-region hmac-sha256-bytes(k-date, "us-east-1")
hmac-verify core
fn (key: Str | Bytes, data: Str | Bytes, expected: Str, algorithm: Str): BoolVerify HMAC in constant time to prevent timing attacks. Returns true if the computed HMAC matches the expected value.
Example
// Verify a webhook signature
is-valid hmac-verify(secret, payload, signature, "sha256")
// Supported algorithms: "sha256", "sha512", "sha1"
hmac-sha1
fn (key: Str | Bytes, data: Str | Bytes): StrHMAC-SHA1 (legacy). Use only for compatibility with existing systems. NOT recommended for new applications.
Example
// GitHub webhook signature verification
hmac-sha1(webhook-secret, payload)
hmac-sha512
fn (key: Str | Bytes, data: Str | Bytes): StrHMAC-SHA512 message authentication code. Returns hex-encoded 128-character string.
Example
hmac-sha512("secret-key", "message")
// 128-character hex string