ZenovayTools

HMAC Generator

Generate HMAC signatures using SHA-256, SHA-384, or SHA-512 with the Web Crypto API.

How to Use HMAC Generator

  1. 1Enter the message you want to sign.
  2. 2Enter the secret key for the HMAC computation.
  3. 3Select the hash algorithm: SHA-256, SHA-384, or SHA-512.
  4. 4The HMAC signature is generated instantly using the Web Crypto API.
  5. 5Copy the resulting signature in hex or Base64 format.
Zenovay

Track your website performance

Real-time analytics, session replay, heatmaps, and AI insights. 2-minute setup, privacy-first.

Try Zenovay Analytics — Free

Related Tools

Password GeneratorGenerate strong, random passwords with customizable length, characters, and complexity.
Password Strength CheckerCheck how strong your password is. Get an estimated crack time and improvement suggestions.
AES Encryption/DecryptionEncrypt and decrypt text using AES-GCM with PBKDF2 key derivation. Runs entirely in your browser.
CSP Header GeneratorGenerate Content-Security-Policy headers with a visual editor. Pick directives, use presets, and copy the result.

Frequently Asked Questions

What is HMAC?
HMAC (Hash-based Message Authentication Code) is a mechanism for verifying message integrity and authenticity. It combines a cryptographic hash function with a secret key to produce a signature.
What algorithms are supported?
This tool supports SHA-256, SHA-384, and SHA-512. SHA-256 is the most commonly used for webhook signatures. SHA-512 provides the strongest security.
Where is HMAC used?
HMAC is commonly used for webhook signature verification (GitHub, Stripe, Slack), API authentication, and data integrity checks.
Is my secret key safe?
Yes. All HMAC generation uses the Web Crypto API in your browser. Your secret key and message never leave your device.
Can I use this to verify webhook signatures?
Yes. Paste the webhook payload as the message and your webhook secret as the key, then compare the generated HMAC against the signature header sent by services like GitHub, Stripe, or Slack.
What is the difference between HMAC and a regular hash?
A regular hash (like SHA-256) only provides integrity verification. HMAC additionally uses a secret key, providing both integrity and authentication — proving the message was created by someone who knows the key.
Can I use this tool on my phone?
Yes, the HMAC generator works in any modern mobile browser. Enter your message and secret key, and generate the HMAC signature on any device.