HMAC Generator
Generate HMAC hashes with a secret key
About This Tool
What is HMAC?
HMAC (Hash-based Message Authentication Code) is a mechanism for verifying both the integrity and authenticity of a message using a cryptographic hash function and a secret key. It is defined in RFC 2104 and is one of the most widely used authentication methods in web development.
How HMAC Works
HMAC takes two inputs: a message and a secret key. It computes the hash of the message combined with the key in a specific way that prevents length-extension attacks. The output is a fixed-size digest that depends on both the message content and the key. Without knowing the key, it is computationally infeasible to forge a valid HMAC.
Supported Algorithms
This tool supports HMAC with MD5, SHA-1, SHA-256, and SHA-512. For security-sensitive applications, SHA-256 or SHA-512 is recommended.
Common Use Cases
HMAC is used in API authentication (AWS Signature, Stripe webhooks), JWT (JSON Web Tokens) for the HS256/HS512 algorithms, OAuth 1.0 signatures, message integrity verification, and CSPRNG seed derivation.