HMAC Generator

Generate Hash-based Message Authentication Codes (HMAC) using SHA-256, SHA-384, or SHA-512. Powered by the Web Crypto API. 100% client-side — your data never leaves the browser.

Message

Secret Key

Algorithm

HMAC Output (Hex)

Algorithm: - Output length: -

About HMAC

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key to provide both data integrity and authentication. Unlike a plain hash, an HMAC proves that the message was created by someone who knows the secret key.

How HMAC Works

The secret key is padded and XORed with inner and outer pad constants
The message is hashed with the inner-padded key: H(K XOR ipad || message)
The result is hashed again with the outer-padded key: H(K XOR opad || inner_hash)
This double-hashing prevents length-extension attacks

Algorithm Comparison

SHA-256 — 256-bit output (64 hex chars). Most widely used.
SHA-384 — 384-bit output (96 hex chars). Truncated SHA-512.
SHA-512 — 512-bit output (128 hex chars). Strongest variant.

Common Use Cases

API request signing (AWS Signature v4, Stripe webhooks)
JWT token signatures (HS256, HS384, HS512)
Webhook payload verification
Message integrity verification

Related Tools

Hash Generator — SHA-256, SHA-512, MD5 hashes without a key
JWT Generator — create JWTs signed with HMAC
JWT Decoder — decode and inspect JWTs
Text Encryption — encrypt and decrypt text
Password Generator — generate strong secret keys