HMAC Generator

Generate HMAC signatures with SHA-256, SHA-384, or SHA-512

Algorithm

Message

Runs locally · Safe to paste secrets

Secret Key

Runs locally · Safe to paste secrets

HMAC Signature

HMAC signature will appear here…

Also try:MD5 Hash Generator SHA-1 Hash Generator SHA-256 Hash Generator SHA-384 Hash Generator SHA-512 Hash Generator Hash Identifier

What Is HMAC?

HMAC (Hash-based Message Authentication Code) is a cryptographic construction defined in RFC 2104 that combines a hash function with a secret key to produce a fixed-size authentication tag. Unlike a plain hash, which anyone can compute, an HMAC can only be generated and verified by parties who share the secret key. HMAC is the standard mechanism for verifying both the integrity and authenticity of a message — confirming that the data has not been altered and that it was produced by a trusted sender.

The HMAC algorithm works with any iterative hash function: SHA-256, SHA-384, SHA-512, and even legacy functions like SHA-1 or MD5. The resulting construct is referred to by its underlying hash — HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. Because HMAC's security proof depends on the hash function being collision-resistant and having certain pseudorandom properties, SHA-2 family algorithms are the recommended choice for new systems. HMAC-SHA256 is the most widely deployed variant, used in AWS Signature V4, Stripe webhooks, GitHub webhook secrets, Slack request signing, and JSON Web Tokens (HS256).

HMAC's design provides a critical property that plain hashing lacks: resistance to length-extension attacks. With SHA-256 alone, an attacker who knows H(message) can compute H(message || attacker_data) without knowing the original message. HMAC's double-hashing structure (inner hash and outer hash with different padded keys) prevents this attack entirely. This is why API signature schemes use HMAC rather than appending a secret key to the message and hashing the result.

Why Use an Online HMAC Generator?

Computing HMAC signatures typically requires writing code or using CLI tools. This browser-based HMAC generator lets you create HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 signatures instantly without installing software or switching to a terminal.

⚡

Instant HMAC computation

Enter your message and secret key, select the hash algorithm, and get the HMAC signature immediately. The Web Crypto API handles the computation natively in your browser.

🔒

Privacy-first processing

Your message and secret key never leave your device. All HMAC computation runs locally via the Web Crypto API — no server requests, no logging, no data retention.

📋

Multiple algorithm support

Switch between HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 with one click. Compare outputs across algorithms to verify your backend implementation matches.

🔍

No account or installation

Works in any modern browser — Chrome, Firefox, Safari, Edge. No sign-up, no extension, no CLI setup. Open the page and start generating HMAC signatures.

HMAC Generator Use Cases

Frontend Developer — Webhook Signature Verification

Stripe, GitHub, and Shopify sign webhook payloads with HMAC-SHA256. Use this tool to compute the expected signature from a payload and secret, then compare it against the signature in the HTTP header during development.

Backend Engineer — API Request Signing

AWS Signature V4 requires HMAC-SHA256 at multiple stages of the signing process. Generate reference HMAC values during development to debug signing mismatches and verify intermediate computation steps.

DevOps — Secret Rotation Validation

When rotating webhook secrets or API signing keys, compute HMAC signatures with both the old and new key to confirm your application handles the transition correctly before the old key expires.

QA Engineer — Signature Test Vectors

Generate HMAC test vectors with known inputs and keys to build regression tests for your authentication middleware. Verify that your implementation handles empty messages, Unicode input, and long keys correctly.

Data Engineer — Pipeline Message Authentication

Attach HMAC signatures to messages in event-driven pipelines (Kafka, SQS) to verify that messages have not been tampered with during transit between services.

Student — Cryptography Coursework

Experiment with HMAC to understand how changing a single character in the message or key produces a completely different signature. Compare HMAC output with plain SHA-256 output to observe the difference a secret key introduces.

HMAC vs Plain Hash vs Encryption

HMAC, plain hashing, and encryption serve different purposes. HMAC provides message authentication — proof that the message was created by someone with the secret key and has not been modified. A plain hash provides integrity but not authentication. Encryption provides confidentiality. The table below clarifies the distinctions.

Property	HMAC	Plain Hash	Encryption
Purpose	Message authentication + integrity	Data integrity only (no key)	Confidentiality + integrity
Requires secret key	Yes	No	Yes
Verifiable by	Parties who share the secret	Anyone	Recipient with key
Reversible	No — digest only	No — digest only	Yes — decryption recovers data
Output size	Depends on hash (e.g. 256 bits)	Depends on hash	Variable (ciphertext)
Standard	RFC 2104	FIPS 180-4	NIST SP 800-38A (AES)
Use case example	Webhook signature verification	File checksum verification	Encrypting data at rest

HMAC Algorithm Comparison

HMAC can use any hash function, but the choice of underlying algorithm determines the output size, security level, and browser compatibility. HMAC-SHA256 is the most common choice for new systems. The table below compares the variants you are likely to encounter.

Algorithm	Digest Size	Hex Length	Web Crypto	Best For
HMAC-SHA256	256 bits	64 hex chars	Yes	API signing, webhooks, JWT (HS256)
HMAC-SHA384	384 bits	96 hex chars	Yes	TLS 1.3 PRF, CNSA compliance
HMAC-SHA512	512 bits	128 hex chars	Yes	High-security signatures, HKDF
HMAC-SHA1	160 bits	40 hex chars	Yes	Legacy OAuth 1.0, TOTP (RFC 6238)
HMAC-MD5	128 bits	32 hex chars	No	Legacy only — not recommended

How HMAC Works Internally

HMAC applies the underlying hash function twice with two different key-derived pads. The construction is defined in RFC 2104 and proven to be a PRF (pseudorandom function) under standard cryptographic assumptions. The key is first padded or hashed to match the hash function's block size (64 bytes for SHA-256, 128 bytes for SHA-512).

HMAC(K, m) = H((K' ⊕ opad) || H((K' ⊕ ipad) || m))
where K' = key padded to block size, ipad = 0x36, opad = 0x5C

The algorithm XORs the padded key with an inner pad constant (ipad, 0x36 repeated), concatenates it with the message, and hashes the result. It then XORs the padded key with an outer pad constant (opad, 0x5C repeated), concatenates it with the inner hash output, and hashes again. This double-hashing structure is what prevents length-extension attacks and ensures that the HMAC output cannot be computed without knowledge of the secret key.

HMAC Code Examples

HMAC is supported natively in every major language and runtime. The Web Crypto API provides HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 in browsers without any library. The examples below show real-world usage patterns including webhook verification and constant-time comparison.

JavaScript (Web Crypto API)

async function hmacSHA256(message, secret) {
  const enc = new TextEncoder()
  const key = await crypto.subtle.importKey(
    'raw', enc.encode(secret),
    { name: 'HMAC', hash: 'SHA-256' },
    false, ['sign']
  )
  const sig = await crypto.subtle.sign('HMAC', key, enc.encode(message))
  return Array.from(new Uint8Array(sig))
    .map(b => b.toString(16).padStart(2, '0')).join('')
}

await hmacSHA256('hello world', 'my-secret-key')
// → "90eb182d8396f16d4341d582047f45c0a97d73388c5377d9ced478a2212295ad"

// Node.js (built-in crypto module)
const crypto = require('crypto')
crypto.createHmac('sha256', 'my-secret-key')
  .update('hello world').digest('hex')
// → "90eb182d8396f16d4341d582047f45c0a97d73388c5377d9ced478a2212295ad"

Python

import hmac
import hashlib

# HMAC-SHA256
sig = hmac.new(
    b'my-secret-key',
    b'hello world',
    hashlib.sha256
).hexdigest()
print(sig)
# → "90eb182d8396f16d4341d582047f45c0a97d73388c5377d9ced478a2212295ad"

# Verify a webhook signature (constant-time comparison)
expected = "90eb182d8396f16d4341d582047f45c0a97d73388c5377d9ced478a2212295ad"
received = hmac.new(b'my-secret-key', b'hello world', hashlib.sha256).hexdigest()
if hmac.compare_digest(expected, received):
    print("Signature valid")

# HMAC-SHA512
hmac.new(b'key', b'data', hashlib.sha512).hexdigest()

package main

import (
    "crypto/hmac"
    "crypto/sha256"
    "fmt"
)

func main() {
    mac := hmac.New(sha256.New, []byte("my-secret-key"))
    mac.Write([]byte("hello world"))
    sig := mac.Sum(nil)
    fmt.Printf("%x\n", sig)
    // → 90eb182d8396f16d4341d582047f45c0a97d73388c5377d9ced478a2212295ad

    // Verify: use hmac.Equal for constant-time comparison
    expected := mac.Sum(nil)
    fmt.Println(hmac.Equal(sig, expected)) // true
}

CLI (OpenSSL)

# HMAC-SHA256
echo -n "hello world" | openssl dgst -sha256 -hmac "my-secret-key"
# → SHA2-256(stdin)= 90eb182d8396f16d4341d582047f45c0a97d73388c5377d9ced478a2212295ad

# HMAC-SHA512
echo -n "hello world" | openssl dgst -sha512 -hmac "my-secret-key"

# Verify a file signature
openssl dgst -sha256 -hmac "my-secret-key" release.tar.gz

# HMAC with hex key (e.g. from a webhook secret)
echo -n "payload" | openssl dgst -sha256 -hmac "$(echo -n '736563726574' | xxd -r -p)"

Frequently Asked Questions

What is the difference between HMAC and a plain hash?

A plain hash (SHA-256, MD5) takes only a message as input and produces a digest that anyone can compute. HMAC takes both a message and a secret key, producing a signature that only someone with the key can generate or verify. This means HMAC provides authentication (proof of sender identity) in addition to integrity checking. A plain hash only proves that data has not changed, not who produced it.

Is HMAC-SHA256 secure?

Yes. HMAC-SHA256 is considered secure as of 2026. Its security relies on the pseudorandom properties of SHA-256 and the HMAC construction itself (RFC 2104). No practical attack against HMAC-SHA256 has been demonstrated. Even HMAC-MD5 and HMAC-SHA1 remain secure in practice because HMAC's security does not require full collision resistance of the underlying hash, though SHA-2 variants are recommended for new systems.

Why do webhooks use HMAC instead of encrypting the payload?

Webhook payloads typically contain data the receiver already expects — order details, event notifications, status updates. The goal is not to hide the data (confidentiality) but to prove it came from the legitimate sender and was not modified in transit (authenticity and integrity). HMAC achieves this with minimal overhead: the sender computes an HMAC of the payload with a shared secret and includes it in an HTTP header. The receiver recomputes the HMAC and compares. Encryption would add unnecessary complexity and key management burden.

How should I compare HMAC signatures securely?

Always use a constant-time comparison function. In Python, use hmac.compare_digest(). In Node.js, use crypto.timingSafeEqual(). In Go, use hmac.Equal(). Standard string equality operators (== or ===) can leak timing information: an attacker can measure how long the comparison takes to determine how many bytes of their forged signature match the correct one, then brute-force the remaining bytes one at a time.

Can HMAC be reversed to recover the secret key?

No. HMAC is based on a one-way hash function, so there is no mathematical shortcut to extract the key from an HMAC output. An attacker would need to brute-force the key space, which is infeasible for keys of 128 bits or longer. However, weak or short keys (like simple passwords) can be vulnerable to dictionary attacks, so always use cryptographically random keys of at least 256 bits for HMAC-SHA256.

What happens if the HMAC key is longer than the hash block size?

If the secret key is longer than the hash function's block size (64 bytes for SHA-256, 128 bytes for SHA-512), the HMAC algorithm first hashes the key with the underlying hash function to reduce it to the hash output length, then uses that hash as the effective key. This means very long keys do not provide additional security beyond the hash output size. For HMAC-SHA256, keys longer than 64 bytes are hashed down to 32 bytes and offer no security improvement over a 64-byte key; keys up to 64 bytes are used at their full length.

When should I use HMAC-SHA512 instead of HMAC-SHA256?

Use HMAC-SHA512 when the protocol requires it (some key derivation functions like HKDF-SHA512, Ed25519 key generation), when you need a wider signature for defense-in-depth, or when running on 64-bit hardware where SHA-512 is actually faster than SHA-256. For most web applications, API signing, and webhook verification, HMAC-SHA256 provides sufficient security and is the more common choice across ecosystems.