Free Online HMAC Generator

An HMAC generator produces a keyed cryptographic digest from a message and shared secret using SHA-256/384/512 per RFC 2104.

Your data is processed entirely in your browser and never sent to any server.

Instant results | 100% private | No signup needed

How to Use This Tool

  1. Enter the shared secret key in the Secret key field.
  2. Type or paste the message into the Message textarea.
  3. Pick the hash algorithm — HMAC-SHA256 is the default and most widely supported.
  4. The HMAC digest appears as a hex string; click Copy hash to grab it.

What Is an HMAC Generator?

HMAC (Hash-based Message Authentication Code, RFC 2104) combines a message with a secret key under a hash function in a specific nested structure, `H((K ⊕ opad) || H((K ⊕ ipad) || message))`, that resists the length-extension attacks affecting raw hash constructions. The output is the same width as the underlying hash: 32 bytes for HMAC-SHA256, 48 for SHA-384, 64 for SHA-512.

HMAC is the workhorse of API authentication. Stripe and GitHub sign webhooks with HMAC-SHA256 so receivers can verify origin; AWS Signature Version 4 builds request signatures from a chain of HMAC-SHA256 invocations; JSON Web Tokens use HMAC for the HS-family algorithms (HS256, HS384, HS512); TLS uses HMAC internally during the handshake; and the standard 2FA TOTP algorithm relies on HMAC-SHA1.

This tool signs via the Web Crypto API, so the secret and message never leave your browser. Use it for debugging webhook signatures or learning the algorithm — do not paste production webhook secrets into any web page, including this one.
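The sign and verify steps behind a webhook-style check, written against the Web Crypto API as an added example (not this tool's source code). The function names are illustrative, and the sample key, message and tag are test case 2 from RFC 4231.

```javascript
// Added example (not the tool's source). Web Crypto is global in browsers and
// Node 19+; older Node exposes the same API through node:crypto.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;
const enc = new TextEncoder();

// Import the shared secret as a non-extractable HMAC-SHA256 key.
function importHmacKey(secret, usage) {
  return subtle.importKey("raw", enc.encode(secret),
    { name: "HMAC", hash: "SHA-256" }, false, [usage]);
}

// Sender side: compute the tag and hex-encode it.
async function hmacSha256Hex(secret, message) {
  const key = await importHmacKey(secret, "sign");
  const tag = new Uint8Array(await subtle.sign("HMAC", key, enc.encode(message)));
  return Array.from(tag, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Strict hex decoder: returns null for odd length or non-hex characters.
function hexToBytes(hex) {
  if (typeof hex !== "string" || !/^(?:[0-9a-fA-F]{2})+$/.test(hex)) return null;
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  return out;
}

// Receiver side: reject malformed or truncated tags, then let subtle.verify
// recompute and compare instead of comparing hex strings with ===.
async function verifyHmacSha256Hex(secret, message, receivedHex) {
  const tag = hexToBytes(receivedHex);
  if (tag === null || tag.length !== 32) return false; // HMAC-SHA256 tag is 32 bytes
  const key = await importHmacKey(secret, "verify");
  return subtle.verify("HMAC", key, tag, enc.encode(message));
}

// Key, message and expected tag from RFC 4231 test case 2.
const RFC4231_KEY = "Jefe";
const RFC4231_MSG = "what do ya want for nothing?";
const RFC4231_TAG = "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843";
```

When verifying a real webhook, pass the raw request body exactly as received; re-serializing parsed JSON changes the bytes and the tag will not match.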

Frequently Asked Questions

What is HMAC?
Hash-based Message Authentication Code. It combines a message with a secret key under a hash function to verify both integrity and authenticity.

Which hash algorithms can I use?
HMAC-SHA256 is the most common; this tool also supports SHA-384 and SHA-512. Avoid HMAC-MD5 for new systems.

What's a real use case?
API request signing, webhook verification (Stripe, GitHub), and JWT signing (HS256). It proves the message came from the key holder.

Published by the WeGotEveryTool team. We build and test every tool in-house and update pages when the underlying spec, formula, or recommendation changes.

Reviewed: May 2026. Disclaimer: this tool is provided as-is for general informational use. For decisions with material consequences (medical, legal, financial, security) verify results against a qualified professional source.
