About HMAC Generator Online — SHA-256, SHA-512 & SHA-1
An HMAC (keyed-hash message authentication code) combines a secret key with a message and a hash function to produce a tag that proves both integrity and authenticity. Only someone holding the same key can produce or verify the tag, which is why HMACs sign webhooks, authenticate API requests, and protect tokens.
This free HMAC generator computes the tag over your message and key using your browser's Web Crypto API, with SHA-1, SHA-256, or SHA-512. Your message and key are processed locally and never uploaded.
Features
- HMAC with SHA-1, SHA-256, or SHA-512
- Live hex output that updates as you type
- UTF-8 message and key support
- Backed by the Web Crypto API — fast and fully offline
How to use
- Type or paste the message you want to authenticate.
- Enter your secret key.
- Pick a hash algorithm and read the HMAC hex output.
- Copy the result with the copy button.
Frequently asked questions
What is the difference between a hash and an HMAC?
A plain hash needs no secret — anyone can recompute it. An HMAC mixes in a secret key, so only parties who know the key can produce or verify the tag. That makes HMACs suitable for authenticating messages, not just checking integrity.
Which algorithm should I use?
Prefer HMAC-SHA256 or HMAC-SHA512 for new systems. HMAC-SHA1 is included for compatibility with legacy webhooks and APIs but should be avoided for new designs.
Is my key safe in this tool?
Yes. The message and key are encoded and signed entirely in your browser via the Web Crypto API. Nothing is sent to a server.
Related tools
Everything runs locally in your browser — your input is never uploaded.