HMAC Generator & Verifier
Generate Hash-based Message Authentication Codes (HMAC) to verify message integrity and authenticity. Perfect for API request signing and data verification.
HMAC Generator
Create cryptographic signatures for message authentication
Keep this key secret. Both parties need the same key to verify the HMAC.
About HMAC
What is HMAC?
HMAC (Hash-based Message Authentication Code) is a specific type of message authentication code (MAC) that uses a cryptographic hash function and a secret key. It provides both data integrity verification and authentication.
Common Use Cases
- API Request Signing: Authenticate API requests (AWS, webhooks)
- Data Integrity: Verify that messages haven't been tampered with
- Secure Cookies: Sign session cookies to prevent modification
- JWT Tokens: Sign JSON Web Tokens for authentication
- File Verification: Ensure files haven't been modified
Algorithm Comparison
| Algorithm | Output Size | Status |
|---|---|---|
| HMAC-MD5 | 128 bits | Legacy (avoid) |
| HMAC-SHA1 | 160 bits | Deprecated |
| HMAC-SHA256 | 256 bits | Recommended |
| HMAC-SHA512 | 512 bits | Very Secure |
| HMAC-SHA3 | 256 bits | Modern |
Security Notes
- All HMAC generation happens locally in your browser
- Use HMAC-SHA256 or higher for production systems
- Secret keys should be at least 256 bits (32 bytes) long
- Never share your secret key - it's required for both generation and verification
- Store secret keys securely using environment variables or key management systems