HMAC Generator

Generate HMAC-SHA1, HMAC-SHA256, and HMAC-SHA512 message authentication codes using the browser's native Web Crypto API.


What This Tool Does

The HMAC Generator creates message authentication codes using crypto.subtle.sign() from the browser's native Web Crypto API. Both the message and the secret key are processed entirely in your browser; neither is transmitted to our servers. The output is provided in both hex and Base64url formats.

The HMAC updates live as you type in either field.
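
The flow described above can be reproduced with the Web Crypto API as follows. This is an added example, not the tool's own source code; the function names (importHmacKey, hmac, verifyHmac) are hypothetical, and the verification helper goes one step beyond generation by leaving the tag comparison to crypto.subtle.verify() instead of comparing strings.

```javascript
// Added example, not the tool's source. Browsers expose globalThis.crypto;
// the require() fallback is only evaluated on older Node versions.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const enc = new TextEncoder();

// Import the raw secret as a non-extractable HMAC key for the chosen hash.
async function importHmacKey(secret, hash) {
  return subtle.importKey("raw", enc.encode(secret),
    { name: "HMAC", hash }, false, ["sign", "verify"]);
}

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Base64url = Base64 with '+' -> '-', '/' -> '_' and the padding removed.
const toBase64url = (bytes) =>
  btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Compute the tag and return it in both encodings the page mentions.
// hash is "SHA-1", "SHA-256" or "SHA-512".
async function hmac(message, secret, hash = "SHA-256") {
  const key = await importHmacKey(secret, hash);
  const tag = new Uint8Array(await subtle.sign("HMAC", key, enc.encode(message)));
  return { hex: toHex(tag), base64url: toBase64url(tag) };
}

// Check a received hex tag. subtle.verify() recomputes the HMAC and does the
// comparison itself, so no early-exit string comparison touches the tag.
async function verifyHmac(message, secret, hexTag, hash = "SHA-256") {
  if (!/^(?:[0-9a-f]{2})+$/i.test(hexTag)) return false; // malformed tag
  const tag = Uint8Array.from(hexTag.match(/../g), (h) => parseInt(h, 16));
  const key = await importHmacKey(secret, hash);
  return subtle.verify("HMAC", key, tag, enc.encode(message));
}

// Usage with the inputs of RFC 4231 test case 2:
// hmac("what do ya want for nothing?", "Jefe").then(console.log);
```
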

Frequently Asked Questions

What is HMAC?
HMAC (Hash-based Message Authentication Code) is a mechanism for verifying both the integrity and authenticity of a message. It combines a cryptographic hash function with a secret key, producing a signature that can only be reproduced by someone who knows the key.
What is HMAC used for?
Common uses include API request signing (verifying a request came from a trusted client), webhook verification (confirming a payload was sent by a trusted source like Stripe or GitHub), JWT signature generation (HS256 uses HMAC-SHA256), and secure cookie signing.
What is the difference between HMAC and a plain hash?
A plain hash (SHA-256 etc.) depends only on the input — anyone can compute it. HMAC requires both the input and a secret key, so only parties who share the key can generate or verify the code. This prevents tampering and forgery.
Which algorithm should I use?
HMAC-SHA256 is the current standard and is what most APIs and the JWT HS256 algorithm use. HMAC-SHA512 offers a larger output and is used where extra security margin is needed. HMAC-SHA1 is provided for legacy compatibility only — prefer SHA256 or SHA512 for new work.
Is my secret key sent to a server?
No. HMAC generation uses the browser's native Web Crypto API (crypto.subtle.sign). Your message and secret key never leave your device.