HMAC (Hash-based Message Authentication Code) is a type of MAC that combines a cryptographic hash function with a secret key to verify data integrity and authenticity.

What algorithms are supported?

SHA-256 (recommended), SHA-1, and MD5.

Is my secret key safe?

Yes, all processing happens in your browser. Your secret key is never sent to any server.

HMAC Generator

Q: What is HMAC used for?

API request signing, webhook payload verification, JWT signatures, and any scenario where you need to prove a message came from a party who knows the secret key.

Generate HMAC signatures using SHA-256, SHA-384, or SHA-512 with the Web Crypto API.

Message

Secret Key

HMAC (Hash-based Message Authentication Code) Generator uses the Web Crypto API to create secure message authentication codes. HMAC combines a cryptographic hash function with a secret key, providing both data integrity and authentication. It is widely used in API authentication, webhook verification, and JWT signing.

Frequently Asked Questions

What is HMAC used for? +

HMAC is used to verify the integrity and authenticity of a message. Common use cases include API request signing, webhook payload verification (GitHub, Stripe), and JWT token validation.

Which algorithm should I choose? +

SHA-256 is the most widely supported and recommended for general use. SHA-384 and SHA-512 provide longer outputs for higher-security requirements. Use the algorithm required by your target API or system.

Is this tool secure? +

All HMAC generation runs locally in your browser using the native Web Crypto API. No data — including your secret key — is ever sent to a server.

Frequently Asked Questions

: HMAC (Hash-based Message Authentication Code) is a type of MAC that uses a cryptographic hash function combined with a secret key. It verifies both the data integrity and the authenticity of a message.

HMAC Generator

Frequently Asked Questions

Frequently Asked Questions

Related Tools