HMAC Generator

Blog

HMAC Generator

BlogCheatsheets
Loading...
Loading Hmac generator...

Description

Compute HMAC (Hash-based Message Authentication Code) using various hash algorithms and secret keys for message integrity and authentication.

About HMAC Generator

HMAC (Hash-based Message Authentication Code) combines a message with a secret key and a hash function such as SHA-256 to produce a code that verifies both the integrity and authenticity of the message. Unlike a plain hash, which anyone can compute and which provides no proof of origin, an HMAC can only be produced or verified by parties that know the shared secret key. This tool computes HMACs locally in your browser, so neither your message nor your key is sent to a server.

How to use

  1. Enter the message you want to authenticate.
  2. Enter the secret key shared between sender and verifier.
  3. Select the hash algorithm, such as SHA-256.
  4. Generate the HMAC and copy the resulting code to send or store alongside the message.

Frequently asked questions

How is HMAC different from a plain hash?

A plain hash like SHA-256 has no key, so anyone can compute it and it proves nothing about who created the message. HMAC mixes in a secret key, so a valid HMAC also proves the message came from someone who knows that key.

What is HMAC used for?

It is used for message integrity and authentication, for example signing API requests, verifying webhooks, and protecting tokens against tampering.

Do both sides need the same key?

Yes. HMAC uses a single shared secret. The sender computes the code with the key and the verifier recomputes it with the same key to confirm the message is authentic and unchanged.

Is my key or message sent anywhere?

No. The HMAC is computed entirely in your browser, so the secret key and message remain on your device.