HMAC signing requests in Python

Question

I'm trying to create an HMAC-SHA512 signed request for an API call in Python 3.4 using the requests library. I'm trying to follow docs, but am hitting this error:

AttributeError: '_hashlib.HASH' object has no attribute 'new'

Here's some code. It's failing with the error on the hmac constructor. It's fine if I try and pass hashlib.md5() or omit the digest parameter entirely.

I'm not sure if I'm signing the request properly afterwards as I haven't got that far yet. The docs for the service I'm trying to use say to sign the URL with my secret. I need this to be a byte string for this to work.

import hmac
import hashlib
import requests

secret = b'mysecret'
url = b'http://someurl.com/something/'

signing = hmac.new(secret, url, hashlib.sha512())

headers = {'apisign': signing.digest()}
response = requests.get(url, headers=headers)

Any pointers appreciated. I couldn't find an example. Thanks!

Answer 1

You must pass in a reference to the hashlib.sha512 callable, not the result of calling it:

signing = hmac.new(secret, url, hashlib.sha512)

Alternatively, you could just use the string 'sha512':

signing = hmac.new(secret, url, 'sha512')

and hashlib.new() will be used to construct the hash object.

Demo:

>>> import hashlib
>>> import hmac
>>> secret = b'mysecret'
>>> url = b'http://someurl.com/something/'
>>> signing = hmac.new(secret, url, hashlib.sha512)
>>> signing.digest()
b'!~s2\x97\x97\xa9\xcc\xefcb\xa8\xcc\xa7\xbc\xec\xe5\xfc\xc3\xac\xfc\xbc5]\x05\x96\xc7\x83\x8b\x1b\x90\xd3\xa5\xca\x8cLsC\x17\xa0\xea\xa3\xfe\xd8M\xfda\x1epj\x90\xff}\xfa\xc2@\x92\xfb\xee\xa8\xab\x1b\x08\x8e'