Frequently Asked Questions
What is HMAC used for?
HMAC is commonly used to verify message integrity and authenticity with a shared secret key.
What algorithms are supported?
Supported algorithms are SHA-256, SHA-384, and SHA-512.
Does this tool send my secret key anywhere?
No. The calculation runs client-side in your browser.
Example input/output
Input: Message: hello / Key: mysecret / Algorithm: SHA-256
Output: 88aab3ede8d3adf94d26ab90d3bafd4a2083070c3bcce9c014ee04a443847c0b
How it works
This tool uses the Web Crypto API (crypto.subtle.importKey and crypto.subtle.sign) to compute an HMAC signature. The key is imported as raw bytes, then the message is signed using HMAC with the selected SHA algorithm. The result is hex-encoded. Processing runs in your browser.
Common use cases
- Generate HMAC signatures for webhook payload verification
- Sign API request parameters with a secret key
- Verify request authenticity by regenerating and comparing HMAC values