Generate the HMAC signature for the given message on the key. This function only returns the Base16 (hex) encoding of the signature and does not encode the plaintext at all (unlike Plug.Crypto.MessageVerifier which includes the plaintext in the encoded return value)

SHA256 is used as the Hash function and as such a 32 byte (256 bit) key is recommended.

Key length for HMAC-256 should be at least 32 bytes. Keys longer than 64 bytes, while valid are not necessary as HMAC will hash them to generate a shorter key anyway. See https://crypto.stackexchange.com/questions/34864/key-size-for-hmac-sha256

Examples

iex> Apoc.Hazmat.MAC.HMAC256.sign("hello", Apoc.decode!("Of-znK3DYHWeV1u6XHXQ6QNotKMLdYleLUhc4-TMpxU"))
{:ok,
   <<241, 135, 240, 239, 31, 202, 134, 189, 43, 55, 208, 89, 37, 208, 2, 87, 228,
   236, 191, 9, 76, 82, 110, 190, 174, 78, 97, 103, 188, 14, 211, 146>>}

iex> Apoc.Hazmat.MAC.HMAC256.sign("hello", <<1, 2, 3>>)
{:error, "Invalid key size"}

Similar to c:sign/3 but either returns the tag directly or raises Apoc.Error if something went wrong.

Example

iex> "hello"
...> |> Apoc.Hazmat.MAC.HMAC256.sign!(Apoc.decode!("Of-znK3DYHWeV1u6XHXQ6QNotKMLdYleLUhc4-TMpxU"))
...> |> Apoc.encode
"8Yfw7x_Khr0rN9BZJdACV-TsvwlMUm6-rk5hZ7wO05I"

Verifies a tag generated by Apoc.Hazmat.MAC.HMAC256.sign/3.

Examples

iex> key = Apoc.decode!("Of-znK3DYHWeV1u6XHXQ6QNotKMLdYleLUhc4-TMpxU")
iex> "8Yfw7x_Khr0rN9BZJdACV-TsvwlMUm6-rk5hZ7wO05I"
...> |> Apoc.decode!
...> |> Apoc.Hazmat.MAC.HMAC256.verify("hello", key)
true