Free online HMAC message authentication code generator tool, supports HMAC-MD5, HMAC-SHA1, HMAC-SHA256, HMAC-SHA512 multiple algorithms, input text and key to generate, local calculation secure and reliable
Enter the text content to generate HMAC in the input box, can be any length string.
Enter the key used to generate HMAC in the key input box, longer key higher security.
Click "Generate HMAC" button to generate four algorithm results, click copy button to copy individual result.
Web API signature verification, prevent request tampering
Verify message integrity and sender identity
Generate data signature, ensure data not tampered
Developers test HMAC signature verification functionality
Debug APIs requiring HMAC signature
Learn HMAC algorithm and message authentication knowledge
HMAC (Hash-based Message Authentication Code) is a message authentication code algorithm based on hash function and key, proposed by H. Krawczyk, M. Bellare and R. Canetti in 1996. HMAC can provide message integrity verification and identity authentication functionality, it combines hash function (such as MD5, SHA-1, SHA-256) and a key, utilizing both hash function's fast computation characteristics and security guaranteed by key.
Regular hash (such as MD5, SHA) doesn't need key, anyone can calculate same hash value, only can verify data integrity; HMAC needs key, only people with correct key can generate same HMAC value, can verify both integrity and identity. HMAC can effectively prevent man-in-the-middle attack and message forgery.
HMAC security depends on used hash function and key strength. Even if underlying hash function (such as MD5) has collision attack, HMAC is still secure, because attacker doesn't know key cannot forge HMAC. Recommend using HMAC-SHA256 or HMAC-SHA512 for higher security, key length recommend at least 16 characters.