HMAC Generator

HMAC Output

How to use this HMAC generator

  1. Type your secret key and choose a hash algorithm (SHA-256 is the most common default).
  2. Type the message you want to sign.
  3. The HMAC output updates automatically — copy it to verify or send alongside your message.

What is HMAC used for?

HMAC combines a secret key with a message to produce a signature that proves both the message's integrity and that it came from someone who knows the key — common in API authentication and webhook verification.

Is HMAC the same as encryption?

No. HMAC only proves authenticity and integrity — it doesn't hide the message content. Use AES encryption separately if you need confidentiality.

Which algorithm should I choose?

HMAC-SHA256 is the standard choice for most APIs and webhooks (used by Stripe, GitHub, and many others). Use SHA-512 only if a specific system requires it.