HMAC Generator

Compute HMAC for a message and secret key. Choose SHA-256 or SHA-1.

Message

Secret key

Algorithm: SHA-256 SHA-1

HMAC (hex)

About HMAC

HMAC uses a secret key and a hash function (e.g. SHA-256) to produce a fixed-length signature. Anyone with the same key can verify the message was not changed. Use it for API signatures and webhook verification.

Frequently Asked Questions

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a secret key with a message and hashes them. It proves the message was not altered and was created by someone who knows the key.

Is my data sent to a server?

No. HMAC is computed entirely in your browser using the Web Crypto API. Your message and key never leave your device.

When is HMAC used?

Often for API request signatures, webhooks, and integrity checks. Both sender and receiver use the same secret key to compute or verify the HMAC.