HMAC Generator

Generate Hash-based Message Authentication Codes (HMAC) using SHA-256, SHA-384, or SHA-512. Powered by the Web Crypto API. 100% client side - your data never leaves the browser.


About HMAC

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key to provide both data integrity and authentication. Unlike a plain hash, an HMAC proves that the message was created by someone who knows the secret key.

How HMAC Works

  • The secret key is brought to the hash's block size (hashed first if it is longer, then zero-padded) and XORed with the inner and outer pad constants (0x36 and 0x5c repeated)
  • The message is hashed with the inner-padded key: H((K XOR ipad) || message)
  • That digest is hashed again with the outer-padded key: H((K XOR opad) || inner_hash)
  • The outer hash hides the inner state, so an attacker who knows HMAC(K, m) cannot extend it to a valid tag for m || suffix the way a naive H(K || m) allows (the length-extension attack)

Algorithm Comparison

  • SHA-256 - 256-bit output (64 hex chars). Most widely used and supported.
  • SHA-384 - 384-bit output (96 hex chars). SHA-512 with different initial values and the output truncated to 384 bits.
  • SHA-512 - 512-bit output (128 hex chars). Largest output and internal state; no practical security advantage over SHA-256 for HMAC, and only worth the longer tag if the protocol requires it.

Common Use Cases

  • API request signing (AWS Signature v4, Stripe webhooks)
  • JWT token signatures (HS256, HS384, HS512)
  • Webhook payload verification
  • Message integrity verification


HMAC: Authenticated Hashes for Webhook Signatures

HMAC (Hash-based Message Authentication Code) is how Stripe, GitHub, Slack, and most SaaS providers prove a webhook actually came from them. The provider signs the payload with a shared secret using HMAC-SHA256; you compute the same HMAC on your side and compare. Match = authentic. Mismatch = drop the request. This generator computes HMACs in your browser so you can build, debug, and test signature logic without setting up a full webhook endpoint.

Why HMAC instead of a plain hash

A plain sha256(payload) only proves the payload wasn't corrupted in transit — anyone can compute it. HMAC mixes a secret key into the hash, so only parties who know the key can produce or verify a tag. The HMAC construction (H((key⊕opad) ‖ H((key⊕ipad) ‖ message))) has a security proof that rests on weaker assumptions than collision resistance (roughly, that the hash's compression function behaves as a pseudorandom function when keyed), which is why the collision attacks on MD5 and SHA-1 did not translate into attacks on HMAC-MD5 or HMAC-SHA1.

Choosing an algorithm

  • HMAC-SHA256 — the industry default. 256-bit output, fast on every modern CPU. Use this for new integrations.
  • HMAC-SHA512 — comparable practical security, larger output and internal state. No real benefit unless a protocol or partner requires the longer digest.
  • HMAC-SHA1 — still appears in legacy AWS Signature v2 and older webhooks. Avoid for new code.
  • HMAC-MD5 — MD5's collision resistance is broken, but no practical forgery against HMAC-MD5 is known because HMAC does not rely on collision resistance. Avoid anyway — it has no margin left, and mixing weak primitives confuses auditors.

Webhook signature pattern

  1. Provider computes HMAC-SHA256 with the shared secret over timestamp + "." + raw body.
  2. Provider sends a header of the form X-Signature: t=<timestamp>,v1=<hex> (Stripe uses exactly this layout under the Stripe-Signature header).
  3. You compute the same HMAC on receipt, over the raw request bytes.
  4. Compare with constant-time equality (crypto.timingSafeEqual in Node, hmac.compare_digest in Python).
  5. Verify the timestamp is recent (Stripe's default tolerance is 5 minutes) to limit replay.

Common pitfalls

  • String comparison. signature === expected is timing-attack vulnerable. Use a constant-time comparator.
  • Body parsing before verification. If your framework parses JSON before you read the raw body, your HMAC won't match. Capture the raw body first.
  • No timestamp check. Without it, an attacker who replays an old valid request can keep firing it.
  • Logging secrets and signatures. Never log the shared secret. A logged signature is a valid tag for that exact payload, so anyone reading the logs can replay the request if your timestamp check is missing or loose — treat it as sensitive too.
  • Wrong encoding. Hex vs base64 vs base64url. Match the provider exactly.

For step-by-step webhook hardening, see our 2026 API security guide.

Frequently Asked Questions

Should I use HMAC-SHA256 or HMAC-SHA512?

SHA-256 unless you have a specific reason. Both are secure; SHA-256 is faster and more commonly supported.

Why does my computed HMAC not match the webhook signature?

Most often: you parsed the body to JSON before computing. The HMAC must run over the raw body bytes — capture them before any parsing.

Can I use HMAC for password storage?

No. Use bcrypt or Argon2id. HMAC is for message authentication, not password hashing.

Is the HMAC computed in the browser or on the server?

Entirely in your browser via the SubtleCrypto Web Crypto API. The secret never leaves your machine.