HMAC (Hash-based Message Authentication Code) is a widely used mechanism for ensuring both data integrity and authenticity. It works by combining a secret key with a cryptographic hash function such as MD5, SHA-1, SHA-256, SHA-384, or SHA-512.
Use the free online tool below to quickly generate and verify secure HMAC signatures. It supports popular algorithms including HMAC-SHA256, SHA-384, and SHA-512, making it ideal for API authentication, secure message validation, and data integrity checks.
If you need a modern and fast MAC algorithm, you should use: Poly1305 MAC Generator - High-performance MAC commonly used with ChaCha20.
When Should You NOT Use HMAC?
HMAC is not suitable for password storage or password hashing. If you are storing user passwords or deriving encryption keys from passwords, use a password hashing function instead:
Key: A secret key known only to the sender and the receiver.
Hash Function: Typically, a cryptographic hash function like SHA-256 or SHA-512.
Calculation
Initialization: Choose an appropriate hash function (e.g., SHA-256) and a secret key K.
Key Modification: If necessary, modify the key to fit the hash function's block size.
Padding: If needed, pad the key so it fits the block size of the hash function.
asymmetric algorithms.
Usage Guide - HMAC-SHA256 Online Tool
First, enter the plain-text and the cryptographic key to generate the code. Then select the hash function you want to apply for hashing. The default is SHA-256. Finally, submit your request by clicking on the compute hash button to generate the HMAC authentication code.
By default, the output is in plain-text format, but you also have an option to get the output in Base64 format. Below is a screenshot of the usage:
This Verify HMAC tool lets you verify HMAC-SHA256 and HMAC-SHA512 signatures by recalculating the MAC and securely comparing it with the provided value. It is useful for testing API authentication, webhook signatures, and message integrity.
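The key modification and padding steps from the Calculation section, and the recalculate-and-compare verification described above, shown as an added Python example (not this tool's own code). The inner and outer pad steps come from the standard RFC 2104 construction and are not listed on this page; the function names, key and message are constructed for illustration.

```python
import base64
import hashlib
import hmac


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC built step by step from the hash function (RFC 2104 construction)."""
    block_size = hashlib.new(hash_name).block_size  # 64 for SHA-256, 128 for SHA-512
    # Key modification: a key longer than one block is replaced by its hash.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    # Padding: right-pad the key with zero bytes up to the block size.
    key = key.ljust(block_size, b"\x00")
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, inner_pad + message).digest()
    return hashlib.new(hash_name, outer_pad + inner).digest()


def encode_tag(tag: bytes, fmt: str = "hex") -> str:
    """Render the raw MAC as hex or Base64 text."""
    return base64.b64encode(tag).decode() if fmt == "base64" else tag.hex()


def verify(key: bytes, message: bytes, provided: str,
           hash_name: str = "sha256", fmt: str = "hex") -> bool:
    """Recalculate the MAC and compare it with the provided value in constant time."""
    try:
        if fmt == "base64":
            claimed = base64.b64decode(provided, validate=True)
        else:
            claimed = bytes.fromhex(provided)
    except ValueError:  # malformed hex or Base64 is rejected, never "equal"
        return False
    expected = hmac_manual(key, message, hash_name)
    # compare_digest avoids the early exit of ==, which leaks how many bytes matched.
    return hmac.compare_digest(expected, claimed)


if __name__ == "__main__":
    key = b"constructed-demo-key"                       # constructed sample key
    body = b'{"event":"payment.succeeded","id":1001}'   # constructed sample message
    tag = encode_tag(hmac_manual(key, body), "base64")
    print(tag, verify(key, body, tag, fmt="base64"))
    print(verify(key, body + b" ", tag, fmt="base64"))  # altered message fails
```
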