HMAC Generator

Generate Hash-based Message Authentication Codes (HMAC) for message integrity and authentication.

Configuration

Algorithm:

SHA-1

Legacy, 160-bit output

SHA-256

Recommended, 256-bit output

SHA-512

Most secure, 512-bit output

Output Encoding:

Quick Actions

Common Use Cases

Message

0 characters

Bytes: 0

Secret Key

Length: 0 characters

HMAC-SHA256 (HEX)

HMAC Verification

Verify HMAC (paste HMAC to verify):

Enter an HMAC to verify it matches the current message and secret

About HMAC

What is HMAC?

Hash-based Message Authentication Code - cryptographic hash function with a secret key

Purpose

Verify data integrity and authenticity of messages

Security

Provides both integrity and authentication - requires secret key

Algorithm Choice

SHA-256 recommended, avoid SHA-1 for new applications

Common Uses

API authentication, webhook verification, JWT signing, session tokens

Key Management

Keep secret keys secure and rotate them regularly

Verification

Always use constant-time comparison to prevent timing attacks

Standards

Defined in RFC 2104, widely supported across platforms

HMAC Formula:

HMAC(K, m) = H((K ⊕ opad) || H((K ⊕ ipad) || m))

Where K = key, m = message, H = hash function, opad/ipad = padding constants

Tools

Network Tools

Security Tools

API Tools

Utilities