HMAC Generator

Generate HMAC signatures with SHA-256, SHA-512.

Enter a message and secret key to generate an HMAC.

How to Use

Enter your message in the input field and your secret key in the key field. Select a hash algorithm (SHA-256, SHA-384, or SHA-512) and the tool will compute the HMAC signature. The output is displayed in hexadecimal format and can be copied with one click.

Common Use Cases

  • Generating webhook signatures to verify incoming requests from services like Stripe or GitHub
  • Computing HMAC-SHA256 signatures for API request authentication
  • Verifying message integrity by comparing computed HMACs against expected values
  • Testing HMAC-based authentication flows during API development

Frequently Asked Questions

What is the difference between HMAC and a regular hash?

A regular hash only depends on the input message. An HMAC incorporates a secret key, so only parties who know the key can produce or verify the signature. This provides both integrity and authentication.

Which HMAC algorithm should I use?

HMAC-SHA256 is the most widely used and recommended choice. It offers a good balance of security and performance. Use HMAC-SHA512 if you need extra security margin or your protocol requires it.

Is HMAC the same as digital signature?

No. HMAC uses symmetric keys (both parties share the same secret), while digital signatures use asymmetric keys (a private key signs and a public key verifies). HMAC is faster but requires secure key exchange.