How to Use HMAC for Message Authentication in Go

Use the crypto/hmac package with a hash function like crypto/sha256 to generate a keyed-hash message authentication code. Create an HMAC instance with your secret key, write the message bytes to it, and retrieve the resulting digest.

import (
	"crypto/hmac"
	"crypto/sha256"
)

func generateHMAC(key, message []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(message)
	return h.Sum(nil)
}

To verify a message, generate the HMAC again and compare it with the received digest using hmac.Equal to prevent timing attacks.

HMAC is a method to prove a message came from someone who knows a secret key and hasn't been changed. It works like a digital wax seal on a letter; if the seal is broken or the message is altered, the verification fails. You use it whenever you need to ensure data integrity and authenticity between two parties sharing a secret.