Compute HMAC Signatures in Your Browser

Paste a message and a secret key to generate a keyed-hash authentication code using SHA-256, SHA-1, or SHA-512. All hashing runs locally with the Web Crypto API — your key and message never leave the page.

HMAC Signature
Algorithm: HMAC-SHA-256; Digest size: 256 bits; Output length: 0 chars

What an HMAC actually computes

HMAC (Hash-based Message Authentication Code) binds a secret key to a message so a recipient who shares the same key can verify both integrity and authenticity. Unlike a plain hash, an attacker who cannot guess the key cannot forge a valid tag, even if they can see many message/tag pairs.

The construction defined in RFC 2104 is:

HMAC(K, m) = H( (K' XOR opad) || H( (K' XOR ipad) || m ) )

Here H is the underlying hash (SHA-256, SHA-1, or SHA-512). The key K is first normalized to K': if it is longer than the hash's block size it is hashed down to digest length, and in every case the result is right-padded with zero bytes to the full block. The two pad constants are ipad = the byte 0x36 repeated and opad = the byte 0x5c repeated, each the length of one block. The inner hash digests the message under the ipad-masked key; the outer hash wraps that digest under the opad-masked key. This nested, two-pass structure is what makes HMAC resistant to the length-extension attacks that affect a naive H(key || message) scheme.

Block sizes differ by algorithm and that changes the math: SHA-1 and SHA-256 use a 64-byte (512-bit) block, while SHA-512 uses a 128-byte (1024-bit) block, so its key padding and pad constants are twice as wide. The digest this tool emits is 160 bits for SHA-1, 256 bits for SHA-256, and 512 bits for SHA-512 — shown above as the digest size. Hex encoding renders each output byte as two characters, so a SHA-256 tag is exactly 64 hex characters; Base64 packs three bytes into four characters instead.

This page calls the browser's native crypto.subtle.importKey and crypto.subtle.sign("HMAC", …), the same audited primitives used for signing JWTs, validating webhook payloads (Stripe, GitHub), and deriving API request signatures. Because the work is local, you can paste production keys to debug a signature mismatch without sending secrets to any server.