+ Add

HMAC-SHA256 MAC Generator

HMAC is a message authentication code (MAC) using a hash function. It combines with any cryptographic hash function, for example, md5, sha1, sha256.

If you need a modern and fast MAC algorithm, you may also use: Poly1305 MAC Generator– High-performance MAC commonly used with ChaCha20.

Below is a free online tool that can be used to generate and verify HMAC authentication code. We can generate and verify HMAC-SHA256, SHA-384, and SHA-512 code with it.

Generate HMAC

Hex Base64

Verify HMAC i

{{ vm.verifyResult.valid ? 'Valid HMAC' : 'Invalid HMAC' }}
Verification Warnings
  • ⚠ {{w}}

We do not store, log any key you enter. This tool is intended for personal and educational use. We suggest not to use online tools to protect real production secrets.

HMAC (Hash-based Message Authentication Code) is a mechanism used for message authentication, which involves combining a cryptographic hash function with a secret key. It provides integrity and authenticity assurances for data, ensuring that the data has not been altered or tampered with by unauthorized parties.

When Should You NOT Use HMAC?

HMAC is not suitable for password storage or password hashing. If you are storing user passwords or deriving encryption keys from passwords, use a password hashing function instead:

How HMAC Works:

  • Components:
    • Message:The data you want to authenticate.
    • Key:A secret key known only to the sender and the receiver.
    • Hash Function:Typically, a cryptographic hash function like SHA-256 or SHA-512.
  • Calculation
    • Initialization:Choose an appropriate hash function (e.g., SHA-256) and a secret key K.
    • Key ModificationIf necessary, modify the key to fit the hash function's block size.
    • PaddingIf needed, pad the key so it fits the block size of the hash function. asymmetric algorithms.

Usage Guide - HMAC-SHA256 Online Tool

First, enter the plain-text and the cryptographic key to generate the code. Then, you can use select the hash function you want to apply for hashing. The default is SHA-256. Then you can submit your request by clicking on the compute hash button to generate the HMAC authentication code for you.

By default, the output is in plain-text format, but you also have an option to get the output in Base64 format. Below is a screenshot of the usage:

This Verify HMAC tool lets you verify HMAC-SHA256 and HMAC-SHA512 signatures by recalculating the MAC and securely comparing it with the provided value. It is useful for testing API authentication, webhook signatures, and message integrity.

hmac-sha256-online-usage

Comparison between Hashing and Mac tools

Algorithm Purpose Use for Passwords?
HMAC-SHA256 Message authentication ❌ No
Poly1305 Message authentication ❌ No
Argon2 Password hashing ✅ Yes
PBKDF2 Password hashing / KDF ✅ Yes

Support This Free Tool!

I build these tools to give you fast, secure, privacy-friendly utilities—free and signup-free.

Buying me a coffee helps keep the project running and supports new features.

cards
Powered by paypal

Thank you for helping this tool thrive!

References

Other Online Tools