Generate an HMAC for a message and secret key using SHA-1, SHA-256, SHA-384 or SHA-512, in your browser.
How to use the HMAC
Pick a hash algorithm.
Enter your secret key and the message.
Copy the HMAC, shown as a hex digest.
Frequently asked questions
A keyed hash that proves a message was created by someone holding the secret key and was not altered. It is widely used for API request signing and webhooks.
No. The HMAC is computed in your browser with the Web Crypto API, so the key and message never leave your device.
SHA-256 is the common default. SHA-384 and SHA-512 are stronger; SHA-1 is legacy and best avoided for new systems.
An HMAC generator that signs a message with a secret key using SHA-1, SHA-256, SHA-384 or SHA-512 and shows the hex digest.
It runs locally with the Web Crypto API, so your key and message stay private.
Related tools
Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes of any text, right in your browser.
Convert colors between HEX, RGB and HSL with a live preview.
Convert Unix timestamps to human dates and back — UTC, local, ISO 8601 and relative time. Seconds and milliseconds are auto-detected.
Percent-encode and decode URLs and URL components, UTF-8 safe.
We use essential cookies to run the site. With your consent we also load Google AdSense, which sets advertising cookies. See our privacy policy.