HMAC Generator
Free online HMAC signature generator tool, SHA-1/256/512 supported
About HMAC Generator
Computes Hash-based Message Authentication Codes using the browser's native Web Crypto API. It supports SHA-1, SHA-256, SHA-384, and SHA-512 hash functions with an arbitrary secret key and message, and outputs the result as lowercase or uppercase hex, or as Base64. Generation uses subtle.importKey/subtle.sign, so the key never leaves the browser.
How to Use
1. Pick a hash algorithm from the SHA-1 / SHA-256 / SHA-384 / SHA-512 buttons. 2. Enter the secret key (use the eye icon to reveal or hide it). 3. Enter the message in the textarea. 4. Choose output encoding (Hex or Base64); in Hex mode, toggle Uppercase to get ABC-style hex. 5. Click Generate to compute the HMAC; use Copy or Clear on the result.
Algorithm & Output Reference
HMAC follows RFC 2104: HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)). Output length equals the digest length of the chosen hash - SHA-1 = 20 bytes (40 hex), SHA-256 = 32 bytes (64 hex), SHA-384 = 48 bytes (96 hex), SHA-512 = 64 bytes (128 hex). The Base64 option encodes the raw digest bytes; Hex emits lowercase unless Uppercase is enabled.
▶What is the difference between HMAC and a plain hash?
▶Can I use binary or non-UTF-8 keys and messages?
▶Why does SHA-1 appear if it is considered broken?
▶Does the secret get stored or sent anywhere?
If this tool has been helpful to you, consider buying me a coffee.
Buy me a coffee