HMAC Generator
Generate an HMAC (hash-based message authentication code) from a message and a secret key, using SHA-1, SHA-256, SHA-384 or SHA-512. Output as hex or Base64. Everything is computed in your browser with the Web Crypto API.
New to this? Read the HMAC Generator guide →
—
—
The HMAC is computed with the Web Crypto API in your browser — your message and key never leave your device.
Frequently asked questions
What is an HMAC?
An HMAC (hash-based message authentication code) is a code computed from a message and a secret key using a hash function such as SHA-256. Anyone who shares the key can recompute it to verify that the message is authentic and unchanged; without the key it cannot be forged.
How is HMAC different from a plain hash?
A plain hash like SHA-256 needs no key, so anyone can recompute it — it proves integrity but not authenticity. An HMAC mixes in a secret key, so it also proves the message came from someone who holds that key.
Is my message or key uploaded?
No. The HMAC is computed with the Web Crypto API in your browser; your message and secret key never leave your device.