Your data is never sent to a server or stored anywhere. All processing happens in your browser.

HMAC Generator

Algorithm
HMAC Output

How to Use

  1. Enter the message text you want to authenticate.
  2. Enter the secret key used for HMAC computation.
  3. Select a hash algorithm (SHA-1, SHA-256, SHA-384, or SHA-512).
  4. The HMAC is generated in real time as you type.
  5. Click the copy button to copy the HMAC to your clipboard.

What is HMAC?

HMAC (Hash-based Message Authentication Code) is a mechanism for verifying both the integrity and authenticity of a message. It combines a secret key with a hash function to produce a unique signature. Unlike plain hashes, HMAC requires knowledge of the secret key, making it resistant to tampering.

Common Use Cases

  • API authentication: Signing API requests to verify the sender's identity (e.g., webhook signatures).
  • Data integrity: Ensuring a message has not been altered during transmission.
  • Token generation: Creating secure tokens for session management or password reset flows.
  • Digital signatures: Used as a building block in protocols like OAuth, JWT, and TLS.

Privacy

All HMAC computation happens in your browser using the Web Crypto API (crypto.subtle). Your message and secret key are never sent to a server.