Our purpose is to ensure that any given message can't be changed in any way or it will invalidate the signature attached to the message.

So the compute_signature function, given a message and a private secret key, returns all the data that the signed message should include when it's sent to the receiver. The sent data includes the message itself, the signature, and a timestamp. The timestamp is included because, in many cases, it's a good idea to ensure that the message is a recent one. If you are receiving an API request signed with HMAC or a cookie that you just set, you might want to ensure that you are handling a recent message and not one that was sent an hour ago. The timestamp can't be tampered with as it's included ...