HMAC Generator

Generate keyed HMAC signatures with SHA-1, SHA-256, SHA-384, or SHA-512 entirely in your browser. Perfect for webhook verification, API request signing, secret-based integrity checks, and authentication debugging.

hmac

signature

sha256

Share this tool:

Quick Presets

Examples for hmac generator workflows

Generate HMAC Settings

Paste a message, choose a digest algorithm, and generate a keyed HMAC entirely in your browser.

Message

Characters: 0

Lines: 0

Bytes: 0

Secret Key

Digest Algorithm

SHA-1Legacy compatibility only; avoid for new security useSHA-256Recommended default for most integrity checks and HMACsSHA-384Longer digest with moderate size increaseSHA-512Largest digest size with strong collision resistance

Output Encoding

HexMost common format for checksums and CLI verificationBase64Compact text form often used in APIs and headers

Expected HMAC (Optional)

How it works: This tool signs your message locally with HMAC using the selected SHA algorithm and secret key. The output can be copied as hex or Base64 for API signing, webhook verification, or request authentication.

Continue Your Code Journey

More tools you might find useful

JWT Generator

Generate JWT tokens locally with HS256 or alg:none

Chmod Calculator

Generate Linux file permission codes with visual editor

SQL to JSON Converter

Convert SQL SELECT results to JSON format

CSV to JSON Converter

Transform CSV data into JSON structures

What is HMAC Generator?

The HMAC Generator creates Hash-based Message Authentication Codes from a message and a secret key. It supports SHA-256, SHA-512, and SHA-1 hash algorithms. HMAC is used to verify both the integrity and authenticity of a message. All processing happens in the browser using the Web Crypto API.

How does HMAC Generator work?

This tool uses the browser's SubtleCrypto API to compute HMAC signatures. It takes a message and a secret key, applies the selected hash algorithm, and outputs the signature as a hexadecimal string.

Key Features

HMAC-SHA256, HMAC-SHA512, HMAC-SHA1
Text and file input
Hexadecimal and Base64 output
Copy signature to clipboard
Uses Web Crypto SubtleCrypto for signature computation
Real-time generation
Web Crypto API based
Supports any message length

Common Use Cases

When and why you might need this tool

Signing API requests
Generate HMAC signatures for API authentication headers like AWS Signature or GitHub webhooks.
Verifying webhook payloads
Compute the expected HMAC for a webhook body to verify it came from the claimed sender.
Creating message authentication codes
Generate HMAC values to prove that a message has not been tampered with.
Debugging API integrations
Compare your computed HMAC with the expected value to troubleshoot authentication failures.

How to Use This Tool

Step-by-step guide to get the best results

Enter the message

Type or paste the message to sign.

Enter the secret key

Type the secret key used for signing.

Select algorithm

Choose SHA-256, SHA-512, or SHA-1.

Generate

Click Generate. The tool produces the HMAC signature.

Pro Tips

1
HMAC-SHA256 is the most commonly used variant for API authentication.
2
The secret key should be kept confidential. Anyone with the key can forge signatures.
3
HMAC differs from a plain hash because it uses a secret key.
4
Many APIs expect hex output, but some expect Base64.

Frequently Asked Questions

What is HMAC?

HMAC generator creates a Hash-based Message Authentication Code by combining a hash function with a secret key to verify message integrity and authenticity.