A python package that creates and verifies HMAC signatures

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for gcain from gravatar.com gcain
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

easy-hmac

PyPI Python License: MIT

A pure Python package with zero dependencies to generate and verify HMAC-SHA256 signatures for HTTP request authentication.

Installation

pip install easy-hmac

Quick Start

Generate a signature

import datetime
from base64 import b64encode

from easy_hmac import generate_hmac_sha256

secret = "my-secret-key"
body = '{"event": "updated", "status": "PROCESSING"}'
method = "POST"
path = "/api/v1/webhook"
timestamp = datetime.datetime.now(datetime.UTC).strftime("%a, %d %b %Y %H:%M:%S GMT")

digest = generate_hmac_sha256(secret, method, body, path, timestamp)
signature = b64encode(digest).decode()

Verify a signature

from easy_hmac import verify_hmac, AuthenticationFailed

try:
    verify_hmac(
        secret=secret,
        hmac_base64=signature,
        md5_body=content_md5,
        raw_body=body.encode(),
        timestamp=timestamp,
        content_type="application/json",
        path=path,
        request_method=method,
    )
except AuthenticationFailed:
    # Signature invalid, body tampered, or timestamp expired (>15 min)
    pass

API

generate_hmac_sha256(secret, method, body, path, timestamp)

Generates an HMAC-SHA256 digest from HTTP request components.

Parameter Type Description
secret str The shared secret key
method str HTTP method (e.g. "POST")
body str The request body
path str The request path (e.g. "/api/v1/webhook")
timestamp str GMT timestamp formatted as "%a, %d %b %Y %H:%M:%S GMT"

Returns: bytes — the raw HMAC digest.

verify_hmac(secret, hmac_base64, md5_body, raw_body, timestamp, content_type, path, request_method)

Verifies an incoming HMAC signature against the request components. Checks the body integrity via MD5 hash and rejects requests older than 15 minutes.

Parameter Type Description
secret str The shared secret key
hmac_base64 str The base64-encoded HMAC from the request's Authorization header
md5_body str The base64-encoded MD5 hash from the Content-MD5 header
raw_body bytes The raw request body
timestamp str The Date header value
content_type str The Content-Type header value
path str The request path
request_method str The HTTP method

Returns: True if verification succeeds.

Raises: AuthenticationFailed if the signature is invalid, the body was tampered, the timestamp is malformed, or the request is older than 15 minutes.

Exceptions

AuthenticationFailed

Raised by verify_hmac when verification fails. Subclass of Exception.

Message Format

Both functions construct the HMAC message by joining components with newlines:

HTTP_METHOD\nCONTENT_MD5\nCONTENT_TYPE\nTIMESTAMP\nPATH

This follows a common pattern for REST API HMAC authentication where the content MD5 ensures body integrity and the timestamp prevents replay attacks.

Development

# Clone and set up
uv sync

# Run tests
uv run pytest

# Build
uv build

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for gcain from gravatar.com gcain
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

This version

1.2.2

1.2.1

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

easy_hmac-1.2.2.tar.gz (84.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

easy_hmac-1.2.2-py3-none-any.whl (6.4 kB view details)

Uploaded Python 3

File details

Details for the file easy_hmac-1.2.2.tar.gz.

File metadata

  • Download URL: easy_hmac-1.2.2.tar.gz
  • Upload date:
  • Size: 84.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.17 {"installer":{"name":"uv","version":"0.11.17","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for easy_hmac-1.2.2.tar.gz
Algorithm Hash digest
SHA256 27e25154efd73c8e1c15c75dadff285d8d2a1bbdc1ae11d0b4c38b8faea19846
MD5 f35c978e36ef437bc9b46fc4a3048098
BLAKE2b-256 21c34d8e15a7ac6ee2a4dbbc4a60332c17b87ed9e8e7b2c8142adb066e065bf1

See more details on using hashes here.

File details

Details for the file easy_hmac-1.2.2-py3-none-any.whl.

File metadata

  • Download URL: easy_hmac-1.2.2-py3-none-any.whl
  • Upload date:
  • Size: 6.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.17 {"installer":{"name":"uv","version":"0.11.17","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for easy_hmac-1.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 011790d89986b5605b865d68e7b8b240688943167ac558371278e8a71349db70
MD5 9f036f3932f4399aa642f6ab30842c70
BLAKE2b-256 779f31dd585a77335805dcae1e80d5b52e342098f6b110becd46a5afd0c63f02

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page