HMAC Generator
HMAC with any hash
—What is HMAC Generator?
Compute an HMAC (Hash-based Message Authentication Code) signature using any of SHA-1, SHA-256, SHA-384, or SHA-512. HMACs prove that a message was both untampered and authored by someone who holds the shared key — the basis for API request signing (AWS, Stripe webhooks, GitHub webhooks, and many others). Output in hex or Base64 depending on what your integration expects.
How do I use HMAC Generator?
- Paste the secret key in one panel, the message in the other.
- Choose an algorithm (HMAC-SHA-256 is the safest default).
- Choose hex or Base64 output.
- Copy the signature.
When should I use HMAC Generator?
HMAC is for signed messages. For a simple fingerprint with no shared-secret component, use Hash Generator. For JWT-specific token work, use JWT Decoder.
What is HMAC used for?
Authenticating a message with a shared secret. HMAC proves that the message was signed by someone who knows the key, and that it has not been tampered with in transit.
Which hash functions can HMAC use?
SHA-1, SHA-256, SHA-384, and SHA-512. SHA-256 is the default and the right choice for nearly all use cases (webhooks, API signatures, JWT HS256).
Hex or base64 output?
Both — pick whichever your recipient expects. Hex is human-readable; base64 is shorter for transport in URLs and JSON.
Is my file uploaded anywhere?
No. Everything runs in your browser. Your files never leave your device, and there is no server component for this tool.