Skip to content

HMAC Generator

Generate HMAC signatures with SHA-256/384/512 from a message and secret key.

HMAC signature

How to use the HMAC Generator

  1. Enter your message.

  2. Enter the secret key.

  3. Copy the HMAC signature.

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a secret key with a hash function to prove a message is authentic and untampered — the basis of webhook signatures and API request signing. This tool computes HMAC with SHA-256/384/512 using the browser's Web Crypto API.

Key features

  • HMAC with SHA-256, 384 & 512
  • Hex or Base64 output
  • Standards-based Web Crypto
  • Runs locally — key never leaves your device

Frequently asked questions

How is HMAC different from a plain hash?

HMAC mixes in a secret key, so only someone with the key can produce or verify the signature.

Where is HMAC used?

Verifying webhooks (Stripe, GitHub), signing API requests and protecting message integrity.

Is my key uploaded?

No — the HMAC is computed in your browser with the Web Crypto API.

More tools

Browse all →

API Key Generator

Generate secure API keys & tokens

Bcrypt Hash & Verify

Hash & check passwords

AES Encrypt / Decrypt

Password-based text encryption

JWT Generator

Sign HS256 JSON Web Tokens

Password Strength Meter

Check password strength

Entropy Calculator

Measure password entropy