BLAKE2b

BLAKE2b is an optimized variant of BLAKE, one of the SHA-3 candidates that made it to the final round of the NIST hash competition. It is specified in RFC7693.

The algorithm uses 64 bit words, and it therefore works best on 64-bit platforms. The digest size ranges from 8 to 512 bits.

>>> from Crypto.Hash import BLAKE2b
>>>
>>> h_obj = BLAKE2b.new(digest_bits=512)
>>> h_obj.update(b'Some data')
>>> print h_obj.hexdigest()

Optionally, BLAKE2b can work as a cryptographic MAC when initialized with a secret key.

>>> from Crypto.Hash import BLAKE2b
>>>
>>> mac = BLAKE2b.new(digest_bits=256, key=b'secret')
>>> mac.update(b'Some data')
>>> print mac.hexdigest()
class Crypto.Hash.BLAKE2b.BLAKE2b_Hash(data, key, digest_bytes, update_after_digest)

A BLAKE2b hash object. Do not instantiate directly. Use the new() function.

Variables:

  • oid (string) – ASN.1 Object ID

  • block_size (integer) – the size in bytes of the internal message block, input to the compression function

  • digest_size (integer) – the size in bytes of the resulting hash

digest()

Return the binary (non-printable) digest of the message that has been hashed so far.

Returns:

The hash digest, computed over the data processed so far. Binary form.

Return type:

byte string

hexdigest()

Return the printable digest of the message that has been hashed so far.

Returns:

The hash digest, computed over the data processed so far. Hexadecimal encoded.

Return type:

string

hexverify(hex_mac_tag)

Verify that a given printable MAC (computed by another party) is valid.

Parameters:

hex_mac_tag (string) – the expected MAC of the message, as a hexadecimal string.

Raises:

ValueError – if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect.

new(**kwargs)

Return a new instance of a BLAKE2b hash object. See new().

update(data)

Continue hashing of a message by consuming the next chunk of data.

Parameters:

data (bytes/bytearray/memoryview) – The next chunk of the message being hashed.

verify(mac_tag)

Verify that a given binary MAC (computed by another party) is valid.

Parameters:

mac_tag (bytes/bytearray/memoryview) – the expected MAC of the message.

Raises:

ValueError – if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect.

Crypto.Hash.BLAKE2b.new(**kwargs)

Create a new hash object.

Parameters:

  • data (bytes/bytearray/memoryview) – Optional. The very first chunk of the message to hash. It is equivalent to an early call to BLAKE2b_Hash.update().

  • digest_bytes (integer) – Optional. The size of the digest, in bytes (1 to 64). Default is 64.

  • digest_bits (integer) – Optional and alternative to digest_bytes. The size of the digest, in bits (8 to 512, in steps of 8). Default is 512.

  • key (bytes/bytearray/memoryview) – Optional. The key to use to compute the MAC (1 to 64 bytes). If not specified, no key will be used.

  • update_after_digest (boolean) – Optional. By default, a hash object cannot be updated anymore after the digest is computed. When this flag is True, such check is no longer enforced.

Returns:

A BLAKE2b_Hash hash object