What Is HMAC?

HMAC (Hash-based Message Authentication Code) is a specific type of message authentication code that combines a cryptographic hash function with a secret key. It provides both data integrity verification and authentication of the message origin.

HMAC was defined in RFC 2104 and is widely used in API authentication, JWT tokens, digital signatures, and secure communication protocols. The strength of an HMAC depends on the underlying hash function and the secrecy of the key.

How to Use This Tool

1. Enter Your Message and Key

Type or paste the message text in the left editor, then enter your secret key in the key field above. Select the desired hash algorithm (SHA-256, SHA-512, or SHA-1).

2. View the HMAC

The right panel instantly displays the HMAC hash of your message using the specified key and algorithm.

3. Copy or Download

Click Copy to copy the HMAC to your clipboard, or Download to save it as a text file.

HMAC Examples

Here is an example of HMAC-SHA256 with key "secret":

Input Message

Input

HMAC-SHA256 Output

Output

Frequently Asked Questions

How does HMAC work?

HMAC mixes the secret key into the message through two nested hash passes. The key is padded to the hash's block size and XORed with an inner padding constant, and the result is hashed together with the message; the padded key XORed with an outer padding constant is then hashed together with that inner digest. This construction prevents length-extension attacks. See the Web Crypto API sign documentation for implementation details.
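
The two-pass construction described above, written out as an added example (not this tool's own code, which uses the Web Crypto API): it builds HMAC from a plain hash with Node.js's `crypto` module, checks the result against the built-in `createHmac`, and verifies a tag in constant time. The function names and the sample keys and messages are constructed for illustration.

```javascript
// Added example: HMAC assembled by hand from a plain hash (RFC 2104 layout).
const nodeCrypto = require('node:crypto');

// Block size in bytes of each hash's compression function (not the digest size).
const BLOCK_SIZE = { sha1: 64, sha256: 64, sha512: 128 };

function hash(alg, ...parts) {
  const h = nodeCrypto.createHash(alg);
  for (const p of parts) h.update(p);
  return h.digest();
}

function hmacManual(alg, key, message) {
  const blockSize = BLOCK_SIZE[alg];
  if (!blockSize) throw new Error(`unsupported algorithm: ${alg}`);
  let k = Buffer.from(key);
  // A key longer than one block is hashed first; a shorter one is zero-padded.
  if (k.length > blockSize) k = hash(alg, k);
  const padded = Buffer.alloc(blockSize);
  k.copy(padded);
  const ipad = Buffer.from(padded.map((b) => b ^ 0x36)); // inner pad
  const opad = Buffer.from(padded.map((b) => b ^ 0x5c)); // outer pad
  const inner = hash(alg, ipad, Buffer.from(message));
  return hash(alg, opad, inner);
}

// Receiver side: recompute the tag and compare in constant time.
function verifyTag(alg, key, message, tagHex) {
  const expected = hmacManual(alg, key, message);
  const given = Buffer.from(String(tagHex), 'hex');
  // timingSafeEqual throws on unequal lengths, so reject those first.
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}

// Constructed sample inputs; the third key exceeds the SHA-1 block size.
const SAMPLES = [
  ['sha256', 'secret', 'hello'],
  ['sha512', 'secret', 'hello'],
  ['sha1', 'k'.repeat(200), 'hello'],
];

// True when the hand-built HMAC matches Node's built-in createHmac for every sample.
function matchesBuiltin() {
  return SAMPLES.every(([alg, key, msg]) =>
    hmacManual(alg, key, msg).equals(nodeCrypto.createHmac(alg, key).update(msg).digest()));
}

console.log('matches built-in HMAC:', matchesBuiltin());
```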

Which algorithm should I use?

SHA-256 is the most commonly used and recommended for most applications. SHA-512 provides more security but is slower. SHA-1 is considered legacy and should only be used for compatibility.

Is my data sent to a server?

No. All HMAC computation happens locally in your browser using the Web Crypto API. Your secret key and data never leave your machine.

Where is HMAC used?

HMAC is widely used in API authentication (e.g., AWS Signature Version 4), JWT token verification, webhook validation, and secure cookie signing.

Learn more: NIST FIPS 198-1 (HMAC Standard) and Introduction to JSON Web Tokens.