What is the difference between HMAC and a normal hash?

A normal hash only depends on the input data, while HMAC depends on both the data and a secret key. That makes HMAC suitable for authenticity checks between systems that share the same secret.

Does this HMAC generator upload my message or secret?

No. HMAC generation happens locally in your browser, so the message and secret remain on your device.

Which algorithm should I choose?

SHA-256 is the safest default for most modern integrations. Only choose SHA-1 or another variant if the target system explicitly requires it.

Why do two systems produce different HMAC values?

Common causes include different secrets, altered whitespace, different line endings, the wrong algorithm, or comparing hex output against Base64 output. HMAC requires exact input matching.

Can I verify a webhook signature with this tool?

Yes. Paste the exact payload, use the webhook signing secret, choose the expected algorithm and encoding, then compare the generated HMAC with the header value you received.

HMAC Generator

Generate keyed HMAC signatures with SHA-1, SHA-256, SHA-384, or SHA-512 entirely in your browser. Perfect for webhook verification, API request signing, secret-based integrity checks, and authentication debugging.

hmac

signature

sha256

Share this tool:

Quick Presets

Examples for hmac generator workflows

Generate HMAC Settings

Paste a message, choose a digest algorithm, and generate a keyed HMAC entirely in your browser.

Message

Characters: 0

Lines: 0

Bytes: 0

Secret Key

Digest Algorithm

SHA-1Legacy compatibility only; avoid for new security useSHA-256Recommended default for most integrity checks and HMACsSHA-384Longer digest with moderate size increaseSHA-512Largest digest size with strong collision resistance

Output Encoding

HexMost common format for checksums and CLI verificationBase64Compact text form often used in APIs and headers

Expected HMAC (Optional)

How it works: This tool signs your message locally with HMAC using the selected SHA algorithm and secret key. The output can be copied as hex or Base64 for API signing, webhook verification, or request authentication.

Continue Your Code Journey

More tools you might find useful

JWT Generator

Generate JWT tokens locally with HS256 or alg:none

Chmod Calculator

Generate Linux file permission codes with visual editor

SQL to JSON Converter

Convert SQL SELECT results to JSON format

CSV to JSON Converter

Transform CSV data into JSON structures

🌈 Browse More Tools

All Code Tools All Tools

Complete Guide: HMAC Generator

Everything you need to know about using HMAC Generator effectively

Related Tools

More tools you might find useful

JSON Validator

Validate JSON syntax and inspect parsed output

Format JSON with clean indentation

json

formatter

beautify

JSON to Markdown Converter

Convert JSON data to markdown tables

json

markdown

table

Markdown to JSON Converter

Parse markdown structure into JSON format

markdown

json

parser

YAML to JSON Converter

Convert YAML documents into JSON

Convert pixels to EM units for components

css

Featured

PX to REM Converter

Change pixels to REM for responsive design

Transform between CSS length units precisely

css

units

Related Collections

Collections that include this tool - discover more tools in these curated collections

API & Security Tools

Debug APIs, generate or inspect JWTs, encrypt sensitive text, sign requests, verify checksums, and inspect network settings. Decode tokens, create HS256 JWTs, calculate Linux permissions, convert cURL commands, analyze IPv4 networks, validate IBANs, and generate test payment data.

View collection