FreeDev Tools

HMAC Generator

Generate HMAC signatures using SHA-256, SHA-384, or SHA-512 with the Web Crypto API.

Algorithm
Output

HMAC (Hash-based Message Authentication Code) Generator uses the Web Crypto API to create secure message authentication codes. HMAC combines a cryptographic hash function with a secret key, providing both data integrity and authentication. It is widely used in API authentication, webhook verification, and JWT signing.

Frequently Asked Questions

What is HMAC used for? +

HMAC is used to verify the integrity and authenticity of a message. Common use cases include API request signing, webhook payload verification (GitHub, Stripe), and JWT token validation.

Which algorithm should I choose? +

SHA-256 is the most widely supported and recommended for general use. SHA-384 and SHA-512 provide longer outputs for higher-security requirements. Use the algorithm required by your target API or system.

Is this tool secure? +

All HMAC generation runs locally in your browser using the native Web Crypto API. No data β€” including your secret key β€” is ever sent to a server.

How to Use

  1. 1

    Enter your message

    Paste the message or payload you want to authenticate β€” for example, a webhook body or API request string.

  2. 2

    Enter your secret key and algorithm

    Provide your HMAC secret key and choose SHA-256 (recommended), SHA-1, or MD5.

  3. 3

    Copy the signature

    Copy the hex-encoded HMAC signature and use it in your Authorization header or webhook verification.

Frequently Asked Questions

HMAC (Hash-based Message Authentication Code) is a type of MAC that uses a cryptographic hash function combined with a secret key. It verifies both the data integrity and the authenticity of a message.