DevToolKit

HMAC Generator — Compute SHA-256/512 Hashes Online [2026]

Enter message + secret key → get HMAC in hex and base64 instantly. Supports SHA-256, SHA-384, and SHA-512. Verify Stripe and GitHub webhook signatures. Runs 100% in-browser.

What is HMAC Generator?

HMAC Generator is a free online tool for computing HMAC (Hash-based Message Authentication Code) values. HMAC combines a cryptographic hash function with a secret key to produce a message authentication code. It is widely used for API authentication, webhook signature verification, and data integrity checking.

How to Use HMAC Generator

Enter your message in the first input field and your secret key in the second field. Select the hash algorithm (SHA-256, SHA-384, SHA-512). Click Generate to compute the HMAC. The result is displayed in both hexadecimal and base64 encoding. Copy whichever format you need.

How HMAC Generator Works

The tool uses the Web Crypto API built into modern browsers to compute HMAC values. It encodes the message and key as UTF-8 byte arrays, imports the key using the selected algorithm, and calls the sign function to produce the HMAC. The result is then encoded in both hexadecimal and base64 formats for display.

Common Use Cases

  • Verifying webhook signatures from services like Stripe and GitHub
  • Generating API authentication tokens for REST APIs
  • Testing HMAC implementations in your application code
  • Computing message authentication codes for data integrity
  • Debugging HMAC-based authentication issues

Frequently Asked Questions

What is HMAC?

HMAC stands for Hash-based Message Authentication Code. It is a mechanism for calculating a message authentication code using a cryptographic hash function combined with a secret key. It provides both data integrity and authentication.

Which algorithm should I use?

SHA-256 is the most commonly used and recommended for most applications. SHA-512 provides more security for sensitive applications. MD5 and SHA-1 are considered less secure and should only be used for compatibility with legacy systems.

Is my secret key safe?

Yes. All computation happens in your browser using the Web Crypto API. Your secret key and message never leave your machine.

What is the difference between hex and base64 output?

Hex encoding uses 0-9 and a-f characters and is twice the length of the raw bytes. Base64 is more compact, using A-Z, a-z, 0-9, +, and / characters. Most APIs specify which format they expect.

Related Tools

Chmod Calculator

Set Unix permissions with checkboxes → get numeric (755) and symbolic (rwxr-xr-x...

Env File Generator

Choose a framework → get a complete .env template with documented variables. Cov...

Nginx Config Generator

Fill in options → get a complete Nginx server block with SSL, gzip, and reverse ...