ADVERT
🔏 HMAC Generator
Compute HMAC signatures with SHA-256, SHA-1, or MD5 using a secret key. Secure online hashing tool.
HMAC Generator
Generate HMAC signatures using SHA-1, SHA-256, SHA-384, or SHA-512. Provide a secret key and message to calculate the signature. Useful for developers, security testing, and verifying message integrity.
HMAC (SHA-256)
How to use this tool
- Select the hashing algorithm and enter your shared secret key.
- Provide the message payload—JSON, webhook content, or any text you need to sign.
- Copy or download the resulting HMAC to compare with the signature from your API partner.
Common tasks
- Debug webhook verifications by regenerating signatures locally.
- Validate SDK implementations when onboarding new integrations.
- Teach junior developers the difference between hashing and keyed message authentication.
Security tips
- Keep secrets short-lived and rotate them regularly—the tool never stores your inputs.
- Match the algorithm to what your service expects; mismatched digests will never verify.
- Normalize whitespace and encoding (UTF-8) before signing to avoid subtle mismatches.
FAQ
- Why can’t I use MD5?
- The Web Crypto API focuses on modern SHA algorithms. Most providers no longer accept MD5-based HMACs.
- Does the tool send my secret anywhere?
- No. All calculations happen in your browser using the built-in SubtleCrypto interface.
- How do I verify a signature?
- Generate an HMAC using the same inputs and compare the hex digest to the signature supplied with the request. Identical values confirm authenticity.
ADVERT
ADVERT