HMAC Generator

Generated Results

HMAC-MD5 -
HMAC-SHA1 -
HMAC-SHA256 -
HMAC-SHA512 -

Features

  • Multiple Algorithms: Supports MD5, SHA1, SHA256, SHA512 four HMAC algorithms
  • Real-time Generation: Input text and key to generate all algorithm results with one click
  • Custom Key: Supports custom key, flexible control of message authentication
  • Privacy Protection: All calculation done locally, not uploaded to server
  • One-click Copy: Supports individual copy, quick paste use
  • Cross-platform Compatible: Supports PC, tablet, mobile and other devices

Tutorial

1

Input Text

Enter the text content to generate HMAC in the input box, can be any length string.

2

Input Key

Enter the key used to generate HMAC in the key input box, longer key higher security.

3

Generate and Copy

Click "Generate HMAC" button to generate four algorithm results, click copy button to copy individual result.

Use Cases

API Verification

Web API signature verification, prevent request tampering

Message Authentication

Verify message integrity and sender identity

Digital Signature

Generate data signature, ensure data not tampered

Development Testing

Developers test HMAC signature verification functionality

API Debugging

Debug APIs requiring HMAC signature

Learning Research

Learn HMAC algorithm and message authentication knowledge

HMAC Knowledge

What is HMAC?

HMAC (Hash-based Message Authentication Code) is a message authentication code algorithm based on hash function and key, proposed by H. Krawczyk, M. Bellare and R. Canetti in 1996. HMAC can provide message integrity verification and identity authentication functionality, it combines hash function (such as MD5, SHA-1, SHA-256) and a key, utilizing both hash function's fast computation characteristics and security guaranteed by key.

What's the Difference Between HMAC and Regular Hash?

Regular hash (such as MD5, SHA) doesn't need key, anyone can calculate same hash value, only can verify data integrity; HMAC needs key, only people with correct key can generate same HMAC value, can verify both integrity and identity. HMAC can effectively prevent man-in-the-middle attack and message forgery.

Selection Advice: Only need to verify integrity use regular hash, need to verify identity use HMAC

How Secure is HMAC?

HMAC security depends on used hash function and key strength. Even if underlying hash function (such as MD5) has collision attack, HMAC is still secure, because attacker doesn't know key cannot forge HMAC. Recommend using HMAC-SHA256 or HMAC-SHA512 for higher security, key length recommend at least 16 characters.

FAQ

Q: Is HMAC generator free?
A: Completely free, no registration login needed, no usage limit, open webpage to use. All calculation done locally in browser, not uploaded to server, protecting your data security.
Q: Will input text and key be uploaded?
A: Absolutely not. All HMAC calculation done locally in your browser, text content and key not uploaded to any server, not recorded. You can use with confidence.
Q: Is HMAC-MD5 still secure?
A: Although MD5 hash function itself has collision vulnerability, HMAC-MD5 is still secure. Because HMAC security relies on key, attacker doesn't know key cannot forge HMAC. However for security consideration, recommend using HMAC-SHA256 or HMAC-SHA512 first.
Q: How long should HMAC key be?
A: Recommend key length at least match hash output length, such as HMAC-SHA256 recommend key at least 32 bytes (256-bit), HMAC-SHA512 recommend at least 64 bytes (512-bit). Longer key more secure, but also consider storage and transmission convenience.
Q: What's the difference between HMAC and digital signature?
A: HMAC uses symmetric key, sender and receiver use same key, fast but key distribution difficult; digital signature uses asymmetric key (public-private key pair), private key signs public key verifies, can prevent repudiation but slower. Choose based on actual scenario.