HMAC Generator
Generate HMAC signatures using the Web Crypto API — SHA-256, SHA-512
Frequently Asked Questions
What is HMAC?
HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key to verify both the data integrity and the authenticity of a message. It is widely used in API authentication, webhook verification, and JWT signing.
Is this secure to use online?
Yes. All computation happens locally in your browser using the Web Crypto API. Your secret key and message are never transmitted to any server.
Which algorithm should I use?
SHA-256 is the most common choice and is used by AWS, Stripe, and GitHub webhooks. Use SHA-512 for higher security margins. Avoid SHA-1 for new implementations as it has known weaknesses.