Creating hash in Go

Disclaimer: I am new to Go

I am trying to convert a Python function to Go:

def verify_signature(self, token, timestamp, signature):
    return signature == hmac.new(key=self.api_key,
        msg='{0}{1}'.format(timestamp, token),
        digestmod=hashlib.sha256).hexdigest()

I think my Go function below is close to correct, but I do not understand the last line of the Python function "digestmod=hashlib.sha256).hexdigest()" to say for certain:

func verify_signature (api_key, token, timestamp) {
    msg := fmt.Sprintf("%s%s", timestamp, token)
    mac := hmac.New(sha256.New, api_key)
    mac.Write(msg) 
    return mac
}

The code is a bit easier to understand when you format it differently:

def verify_signature(self, token, timestamp, signature):
    mac = hmac.new(
        key=self.api_key,
        msg='{0}{1}'.format(timestamp, token),
        digestmod=hashlib.sha256
    )
    actual = mac.hexdigest()
    return signature == actual

To answer your question: hexdigest() will convert the 64 byte array (= the result of applying SHA256 to the message) into a 128 character hex dump which is easier to handle (print/compare).

Your Go code doesn't do the same thing. It's just the "create actual" part. You're missing the "compare with expected signature" part. If the expected signature is already a []byte array in Go, you can use hmac.Equal() to check them.

Note: You get the value of the hash with mac.Sum(nil). See https://golang.org/src/crypto/hmac/hmac.go

If it's not, then you should try to convert the hex dump in signature into a []byte array so you can compare the two.