pub fn write_hmac<W: Write>(
writer: &mut W,
hmac: HmacSha256,
) -> Result<(), AescryptError>Expand description
Finalizes hmac and writes the resulting 32-byte HMAC-SHA256 tag.
Consumes hmac (it is no longer reusable) and writes the 32-byte tag
produced by Mac::finalize. Used to seal both the encrypted session block
(after crate::encryption::encrypt_session_block) and, separately, the
payload stream (inside crate::encryption::encrypt_stream).
§Errors
AescryptError::Io—writerreturned an error while writing the 32-byte tag.
§Security
HMAC-SHA256 with a 32-byte key derived from PBKDF2-HMAC-SHA512 (the “setup
key” for the session block, the session key for the payload). Verification
on the read side uses constant-time equality via secure-gate’s
ConstantTimeEq.