HMAC Generator -- HMAC-SHA256 Online

Generate keyed HMAC signatures from a message and secret key

HMAC Generator

An HMAC (hash-based message authentication code) is a keyed hash that proves a message has not been altered and was created by someone who knows a shared secret key. Enter a message and key below to compute HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. Results update as you type.

100% client-side. Your message and secret key never leave this browser tab. The HMAC is computed locally with the Web Crypto API (window.crypto.subtle). No input is uploaded, logged, or stored on any server. For real authentication, use a long random key and share it only over a protected channel; remember that an HMAC authenticates a message but does not encrypt it.

What Is HMAC?

HMAC stands for Hash-based Message Authentication Code. It combines a cryptographic hash function (such as SHA-256) with a secret key to produce a fixed-length tag that authenticates a message. Unlike a bare hash, which anyone can compute, an HMAC can only be produced or verified by parties that share the secret key. This gives you two guarantees at once: integrity (the message was not modified in transit) and authenticity (it came from a holder of the key).

The construction, defined in RFC 2104, first pads the key with zeros to the hash's block size (hashing it first if it is longer than the block), then hashes the message under an inner key (key XOR ipad, the byte 0x36) and hashes that result under an outer key (key XOR opad, the byte 0x5c). Because the key is applied both inside and outside, it resists the length-extension attacks that affect naive hash(key + message) schemes. The output size matches the underlying hash: 160 bits for SHA-1, 256 for SHA-256, 384 for SHA-384, and 512 for SHA-512.

Common uses

  • Signing API requests (AWS Signature v4)
  • Verifying webhook payloads (Stripe, GitHub)
  • Signing JWTs with the HS256 algorithm
  • The pseudorandom function inside PBKDF2, HKDF, and the TLS key schedule
  • One-time passwords (HOTP and TOTP)

HMAC vs plain hash

A plain SHA-256 of a message proves nothing about who created it. HMAC mixes in a secret key, so an attacker who can modify the message cannot recompute a valid tag without the key. Always prefer HMAC over hash(key + message) for authentication.

Choosing a key

Use a long, random secret, ideally at least as many bytes as the hash output (32 bytes for SHA-256). Keys longer than the hash's block size (64 bytes for SHA-256) are hashed down before use, so length beyond that adds nothing. If your secret is a human password, derive a key with PBKDF2, scrypt, or Argon2 first rather than feeding the password in directly.

HMAC Algorithm Comparison

Algorithm      Output   Hex chars  Status               Typical use
HMAC-SHA1      160-bit  40         Legacy-acceptable    TOTP (RFC 6238 default), OAuth 1.0 signing
HMAC-SHA256    256-bit  64         Recommended default  API signing, JWT HS256, webhooks
HMAC-SHA384    384-bit  96         Secure               TLS cipher suites, high-security settings
HMAC-SHA512    512-bit  128        Secure               High-security settings; faster than SHA-256 on 64-bit CPUs

Recommendation: Use HMAC-SHA256 unless an existing protocol mandates a specific algorithm. It is the most widely supported choice and offers a strong security margin.

Test Vector (RFC 4231)

You can confirm this tool is correct with a published test vector (RFC 4231, test case 2). With the 4-byte key "Jefe" and the 28-byte message "what do ya want for nothing?" (no quotes, no trailing newline), HMAC-SHA256 in hex is:

5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843

Frequently Asked Questions

What is an HMAC?

HMAC (Hash-based Message Authentication Code) verifies both the integrity and the authenticity of a message using a shared secret key and a cryptographic hash function such as SHA-256. The sender computes HMAC(key, message); the receiver recomputes it with the same key and compares. Matching codes mean the message was not altered and was produced by someone who knows the key.

How is HMAC different from a plain hash?

A plain hash like SHA-256 depends only on the message, so anyone can compute it and it proves nothing about the author. An HMAC mixes in a secret key, so only parties who hold the key can produce or verify a valid code. This protects against tampering and forgery, which a bare hash cannot do. It also avoids length-extension attacks that affect naive hash(key + message) schemes.

What is HMAC-SHA256 used for?

HMAC-SHA256 signs API requests (for example AWS Signature v4), secures webhook payloads (Stripe, GitHub, Shopify), signs JWTs with the HS256 algorithm, powers password-based key derivation (PBKDF2), and provides general message authentication wherever a shared secret exists.

Which hash algorithm should I choose?

Use HMAC-SHA256 as a safe default; it is the most widely supported and is required by many APIs. HMAC-SHA384 and HMAC-SHA512 give a larger output and are common in high-security or 64-bit-optimized contexts. HMAC-SHA1 remains acceptable for legacy compatibility, but new systems should prefer SHA-256 or stronger.

Is HMAC-SHA1 safe to use?

HMAC's security rests on the underlying hash behaving as a pseudorandom function, not on its collision resistance, so the collision attacks against SHA-1 do not directly break HMAC-SHA1. It is still technically secure as a MAC and remains the default in TOTP (RFC 6238) and the signing method in OAuth 1.0. For any new design, choose HMAC-SHA256 or higher to avoid relying on a deprecated primitive.

Should the key be random or a password?

For real authentication the key should be a long, random secret, ideally at least as many bytes as the hash output (32 bytes for SHA-256). Short or guessable keys weaken the HMAC. If your input is a human password, derive a key from it first with PBKDF2, scrypt, or Argon2 instead of using it directly.

What is the difference between hex and Base64 output?

Both encode the same raw HMAC bytes. Hexadecimal uses two characters per byte (0-9, a-f) and is common in command-line tools. Base64 packs the bytes more compactly with 64 characters and is common in HTTP headers and JSON. Pick whichever format the system you integrate with expects.

How do I verify an HMAC?

Recompute the HMAC over the exact bytes you received (not a re-serialized copy) with the same key and algorithm, decode the received tag from hex or Base64, and compare the raw bytes. In production, reject a tag of the wrong length up front and use a constant-time comparison for the rest, so that an early-exit byte-by-byte comparison does not leak how much of the tag an attacker already has right. This tool can recompute the HMAC for verification, but you should perform the comparison yourself.

Can an HMAC be reversed to reveal the message or key?

No. HMAC is built on a one-way hash function, so the tag reveals neither the message nor the secret key. The only generic attack is brute-forcing the key, which is infeasible for a long random key; a short or guessable key is the weak point, not the construction.

Does this tool send my data anywhere?

No. The message and secret key never leave your browser. All computation runs locally through the Web Crypto API. Nothing is uploaded, logged, or stored on any server.

Privacy & Limitations

  • Client-side only. The message and secret key are processed entirely in your browser via the Web Crypto API. No data is sent to any server, and nothing is stored or logged.
  • UTF-8 input. Both the message and the key are encoded as UTF-8 bytes before hashing. The tool cannot take a raw binary key: if your system specifies the key as hex or Base64 bytes, pasting that spelling here makes the key the ASCII characters of the spelling, and the tag will not match. Decode the key to its raw bytes in your own code instead.
  • Computation, not comparison. This tool computes an HMAC; it does not perform secure constant-time comparison. Do not paste production secrets into any web tool you do not fully trust.
