HMAC Generator
Generate HMAC signatures (SHA-1, SHA-256, SHA-384, SHA-512) from a message and secret key. Hex and Base64 output.
Computed with the Web Crypto API (crypto.subtle). Your key and message never leave the browser.
About HMAC Generator
Compute an HMAC (hash-based message authentication code) for any message using a secret key and your choice of SHA-1, SHA-256, SHA-384, or SHA-512. Output is shown in both hex and Base64. HMAC is used to verify message integrity and authenticity — for webhooks, API request signing, and token signatures. Computed with the Web Crypto API entirely client-side.
All processing happens entirely in your browser using modern web APIs. Nothing is uploaded to our servers — your data stays local and private. Free to use forever.
Common use cases
- Verifying or reproducing a webhook signature (e.g. Stripe, GitHub)
- Signing API requests that require an HMAC of the payload
- Debugging signature mismatches between client and server
- Generating HMAC-SHA256 values for token authentication
- Checking message integrity with a shared secret
How it works
The secret key is imported with crypto.subtle.importKey() as an HMAC key bound to the selected hash, then crypto.subtle.sign() computes the MAC over the UTF-8 bytes of the message. The resulting bytes are rendered as a hex string and as Base64. SubtleCrypto is the same cryptographic engine the browser uses for TLS, so results match server-side libraries.