Home
Security
HMAC Generator

HMAC Generator

Generate an HMAC signature from a message, secret, and algorithm in the browser.

Last reviewed: April 30, 2026Free toolMethodology

HMAC Generator

Message

Secret

Algorithm

These fields start with sample inputs. Keep them or replace them, then run the tool to show a fresh result.

Output

Calculating the sample result.

Why it matters

HMAC signing is common in webhook validation, API authentication, and request-signing workflows.

When to use

Testing signed payloads
Debugging webhook signature mismatches
Verifying that two systems agree on the same message and secret

Inputs & Outputs

Inputs

Message is the exact string to sign.
Secret is the shared signing key.
Algorithm selects the HMAC hash algorithm.

Outputs

Hex signature shows the HMAC digest in a common readable format.
Length output helps confirm which algorithm was used.

HMAC signing method

The tool imports the provided secret into Web Crypto, signs the UTF-8 message with the selected SHA algorithm, and renders the HMAC as hexadecimal.

HMAC combines a shared secret with a hash function to create a keyed digest

Worked example

Webhook troubleshooting

A developer wants to confirm the expected signature for a payload before comparing it with a webhook header.

Inputs

Message: order=8472&status=paid
Secret: demo-secret
Algorithm: SHA-256

Steps

Import the secret as an HMAC key
Sign the message
Render the result as hex

Result

The resulting signature can be compared with another system's output.

Edge cases & caveats

Whitespace and line ending changes will alter the signature.
Treat secrets carefully even when using a local browser-based tool.

Disclaimer

Results are provided for general information and planning only. They do not constitute legal, tax, financial, security, technical, or other professional advice. Inputs, assumptions, provider rules, rounding, and implementation details can change outcomes, so verify critical decisions independently before relying on any result.

Frequently Asked Questions

Is HMAC the same as hashing?

No. HMAC uses a secret key in addition to the message, which makes the output suitable for integrity checks between trusted parties.

Can I compare this output with server-side HMACs?

Yes, as long as the message bytes, secret, and algorithm all match exactly.

Keep going

Related Tools

developer

Hash Generator

Generate a cryptographic hash from plain text using common SHA algorithms.

Open

security

SRI Hash Generator

Generate a Subresource Integrity hash string from script or style content.

Open

security

Basic Auth Header Generator

Generate the HTTP Basic Authorization header value from a username and password.

Open