HMAC Generator

Generate Hash-based Message Authentication Codes

Algorithm

Message

0 characters

Secret Key

Use a strong, random secret key for security.

Output Format

HMAC-SHA-256 Output(64 chars)

Enter a message and secret key to generate HMAC

About HMAC

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key to provide both data integrity and authenticity.

Common Uses:

API request signing
JWT signature verification
Webhook payload validation
Password hashing (with salt as key)

Security Note

All processing happens locally in your browser. Your secret key is never sent to any server.

Algorithm Comparison

Algorithm	Output Size	Security	Use Case
HMAC-SHA1	160 bits	Legacy	Backward compatibility
HMAC-SHA256	256 bits	Strong	General purpose, JWT HS256
HMAC-SHA384	384 bits	Strong	High security applications
HMAC-SHA512	512 bits	Strongest	Maximum security needs

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to provide both integrity verification and authentication. Unlike plain hashes, HMAC requires a key, making it ideal for API signing and webhook verification.

Frequently Asked Questions

How is HMAC different from a hash?

HMAC uses a secret key, so only someone with the key can generate or verify it.

Which algorithm should I use?

SHA-256 is the most common. Use SHA-512 for higher security requirements.

Is HMAC encryption?

No. It provides authentication and integrity but does not encrypt the message.