StackAtlas
Home/Security Tools/HMAC generator

HMAC

HMAC Generator

Runs in your browser using WebCrypto — no network requests.

Local only Secret key required
MessageUTF-8
Secret key(not sent anywhere)

Output

HMAC size: 32 bytes

Encoding

HMAC (SHA-256)

What HMAC is

HMAC combines a secret key and a hash (like SHA-256) to produce a tag you can use to verify the message was not altered and came from someone who knows the secret.

Good defaults

  • Use HMAC-SHA-256 unless you have a reason to pick something else.
  • Use a random key (32 bytes or more) for API signing.
  • Send the message and HMAC; keep the secret private.

Quick verification examples

OpenSSL (hex output) 

printf '%s' "message" | openssl dgst -sha256 -hmac "secret"

Node.js (base64 output) 

node -e "console.log(require('crypto').createHmac('sha256','secret').update('message').digest('base64'))"