HMAC Generator
Generate HMAC signatures (HMAC-SHA256, HMAC-SHA512, etc.) with hex or Base64 output. Free online HMAC generator.
Frequently Asked Questions
What is HMAC?
HMAC (Hash-based Message Authentication Code) is a type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. It verifies both the data integrity and the authenticity of a message simultaneously.
What's the difference between HMAC and hashing?
Regular hashing (like SHA-256) only uses the message data โ anyone with the same input gets the same hash. HMAC adds a secret key, so only someone with the correct key can produce the correct signature. This makes HMAC suitable for authentication, while plain hashing is only for integrity verification.
Which HMAC algorithm should I use?
HMAC-SHA256 is the most widely used and recommended for most applications. HMAC-SHA512 provides a longer signature (128 hex characters vs 64) and is used in some financial and security-critical systems. HMAC-SHA1 is legacy and not recommended for new applications.
What are HMAC signatures used for?
HMAC is used for: API authentication (e.g., AWS Signature v4, GitHub webhooks), JWT (JSON Web Tokens) signing with HS256, payment gateway callbacks (Stripe, PayPal), request signing in microservices, and secure cookie/session tokens.
Is this tool secure?
Yes, all HMAC computation happens entirely in your browser using the Web Crypto API. Your message and secret key never leave your device. No data is uploaded to any server.
Can HMAC be reversed?
No, HMAC is a one-way function. You cannot derive the message or the key from the HMAC signature. You can only verify a signature by recomputing it with the same key and comparing the results.