HMAC Generator

Generate keyed HMAC signatures with SHA-1, SHA-256, SHA-384, or SHA-512 entirely in your browser. Perfect for webhook verification, API request signing, secret-based integrity checks, and authentication debugging.

Generate HMAC Settings
Paste a message, choose a digest algorithm, and generate a keyed HMAC entirely in your browser.
How it works: This tool signs your message locally with HMAC using the selected SHA algorithm and secret key. The output can be copied as hex or Base64 for API signing, webhook verification, or request authentication.

Complete Guide: HMAC Generator

Everything you need to know about using this tool effectively

What is HMAC Generator?

The HMAC Generator creates Hash-based Message Authentication Codes from a message and a secret key. It supports SHA-256, SHA-512, and SHA-1 hash algorithms. HMAC is used to verify both the integrity and authenticity of a message. All processing happens in the browser using the Web Crypto API.

This tool uses the browser's SubtleCrypto API to compute HMAC signatures. It takes a message and a secret key, applies the selected hash algorithm, and outputs the signature as a hexadecimal string.

Key Features

HMAC-SHA256, HMAC-SHA512, HMAC-SHA1
Text and file input
Hexadecimal and Base64 output
Copy signature to clipboard
Runs in the browser with no uploads
Real-time generation
Web Crypto API based
Supports any message length

Common Use Cases

When and why you might need this tool

Signing API requests

Generate HMAC signatures for API authentication, as used by schemes such as AWS Signature and GitHub webhooks.

Verifying webhook payloads

Compute the expected HMAC for a webhook body to verify it came from the claimed sender.

Creating message authentication codes

Generate HMAC values to prove that a message has not been tampered with.

Debugging API integrations

Compare your computed HMAC with the expected value to troubleshoot authentication failures.

How to Use This Tool

Step-by-step guide to get the best results

1. Enter the message: Type or paste the message to sign.
2. Enter the secret key: Type the secret key used for signing.
3. Select algorithm: Choose SHA-256, SHA-512, or SHA-1.
4. Generate: Click Generate. The tool produces the HMAC signature.

Pro Tips

1. HMAC-SHA256 is the most commonly used variant for API authentication.
2. The secret key should be kept confidential. Anyone with the key can forge signatures.
3. HMAC differs from a plain hash because it uses a secret key.
4. Many APIs expect hex output, but some expect Base64.

Frequently Asked Questions

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce a signature that verifies both message integrity and authenticity.

How is HMAC different from a regular hash?

A regular hash only verifies integrity. HMAC adds authentication because only someone with the secret key can produce the correct signature.

Is my data sent to a server?

No. All computation happens in your browser using the Web Crypto API. Nothing is transmitted.

Which algorithm should I use?

HMAC-SHA256 is the standard for most APIs. Use SHA-512 for higher security requirements.

Can I hash files?

Yes. Upload a file to generate an HMAC for its contents.