HMAC Generator

HMAC (Hash-based Message Authentication Code) is a mechanism for calculating a message authentication code using a hash function combined with a secret key. It provides both data integrity and authenticity.

Unlike regular hashing (which anyone can compute), only parties who know the secret key can generate or verify an HMAC. This makes it ideal for API authentication, webhook verification, and secure message exchange.

All HMAC generation is performed 100% client-side using the Web Crypto API. Your secret key never leaves your browser.

1. Enter your message — Type or paste the message you want to sign in the message field.
2. Provide a secret key — Enter your secret key or click the random key button to generate one.
3. Choose algorithm & encoding — Select SHA256, SHA1, SHA384, or SHA512 and choose hex, base64, or base64url output.
4. Generate — Click Generate HMAC to create the signature.
5. Verify — Paste an existing HMAC in the verify section to check if it matches your message and secret key.