How do I generate an HMAC signature?

Enter your message in the Message field and your secret key in the Secret Key field. HMAC-SHA-256, SHA-384, and SHA-512 signatures are generated instantly. Click 'Copy' next to any row to copy the hex-encoded result.

What is HMAC and when should I use it?

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key to verify both message integrity and authenticity. It is widely used for API authentication, webhook signature verification, and JWT signing.

HMAC Generator

Generate HMAC signatures using SHA-256, SHA-384, and SHA-512 instantly online. Free HMAC generator using the Web Crypto API — your message and secret never leave the browser.

Message

Secret Key

Related Tools

JWT Decoder

Decode JWT tokens instantly. Inspect header and payload client-side — your token never leaves the browser.

Unix Timestamp

Convert Unix timestamps to UTC, local time, and ISO 8601 instantly. Auto-detects seconds vs milliseconds.

Base Converter

Convert numbers between decimal, hex, binary, and octal instantly. Free and runs in your browser.

How to Use the HMAC Generator

Enter the message you want to sign in the Message field.
Enter your secret key in the Secret Key field.
HMAC-SHA-256, SHA-384, and SHA-512 signatures are generated instantly.
Click Copy next to any row to copy the hex-encoded HMAC.
Use Example to load a sample message and secret key.

About HMAC

HMAC-SHA-256 — 256-bit signature; the most widely used variant for API authentication and webhook verification
HMAC-SHA-384 — 384-bit signature; stronger variant for higher security requirements
HMAC-SHA-512 — 512-bit signature; maximum strength in the SHA-2 family

HMAC signatures are computed using the browser's built-in Web Crypto API. Your message and secret key never leave your device.