Tool

HMAC Generator

Compute HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 message authentication codes.

Last updated April 1, 2026

Runs entirely in your browser — no data sent to servers. Privacy policy

How to Use This Tool

Enter the message to authenticate and your secret key.

Select HMAC algorithm: SHA-256 (most common), SHA-384, or SHA-512.

Click Generate HMAC to compute the authentication code.

Use HMAC for API request signing, webhook verification, and understanding HS256 JWT internals.

Code Examples

const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', secret)
  .update(message)
  .digest('hex');

Frequently Asked Questions

What is HMAC used for?

HMAC authenticates messages using a shared secret. It is used in HS256 JWT signing, API webhooks, and request signature verification.

HMAC vs plain SHA-256?

SHA-256 hashes data without a secret. HMAC requires a secret key, preventing attackers from forging valid codes without knowing the key.

Is HMAC the same as password hashing?

No. HMAC is fast by design. Password hashing uses slow algorithms like bcrypt or Argon2.

Related Guides

Related Tools