Plugin API » O (global) » Security » HMAC

HMAC signatures

HMAC is an algorithm for signing input data using a secret key.

You can use it to sign parameters on URLs and in HTTP requests so that they cannot be forged.

function O.security.hmac.sign(algorithm, secret, input)

Signs input using the specified algorithm and secret, and returns a hex-encoded signature.

algorithm can be one of "SHA1" or "SHA256". If you need to work with legacy systems, you can also specify "MD5". (MD5 is not recommended for new applications.)

secret must be at least 32 characters long, as short secrets are a bit pointless.

secret and input are converted to UTF-8 encoded bytes before signing.