This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.

Message authentication codes

While cryptography supports both the CMAC and HMAC algorithms, we strongly recommend that HMAC should be used unless you have a good reason otherwise.

For more information on why HMAC is preferred, see Use cases for CMAC vs. HMAC?

HMAC and CMAC both use the MACContext interface:

class cryptography.hazmat.primitives.mac.MACContext[source]

New in version 0.7.

Parameters:data (bytes) – The data you want to authenticate.
Returns:The message authentication code.
Returns:A MACContext that is a copy of the current context.
Parameters:signature (bytes) – The signature to verify.
Raises:cryptography.exceptions.InvalidSignature – This is raised when the provided signature does not match the expected signature.