HMAC Generator
How to Use the HMAC Generator
The HMAC Generator creates a Hash-based Message Authentication Code by combining a secret key with a message using a cryptographic hash function. HMAC is used to verify both the data integrity and authenticity of a message, ensuring it was created by someone who possesses the secret key and was not tampered with in transit.
HMAC vs Plain Hashing
A regular hash function like SHA-256 only ensures data integrity. Anyone can compute the hash of a known message, so there is no proof of who created it. HMAC solves this by incorporating a secret key into the hashing process. Only parties who possess the key can generate a valid HMAC, providing both integrity verification and sender authentication. Additionally, HMAC's double-hashing construction prevents length extension attacks, a vulnerability that affects plain SHA-256 and SHA-512 hashes.
How HMAC Works
HMAC combines the secret key with the message through two nested hash computations, an inner hash and an outer hash. The formula is: HMAC(K, m) = H((K' XOR opad) || H((K' XOR ipad) || m)), where H is the hash function, K' is the key brought to the hash function's block size (hashed first if it is longer than the block size, then zero-padded), and ipad and opad are fixed padding constants (the byte 0x36 and the byte 0x5C, each repeated to the block size). This construction was proven secure by Bellare, Canetti, and Krawczyk in 1996 and is defined in RFC 2104.
Using This Tool
Select a hash algorithm (SHA-256, SHA-512, or SHA-1), enter your secret key, type or paste your message, and click Generate. The HMAC is computed in your browser using the Web Crypto API. Your key and message never leave your device. This tool is useful for debugging API integrations, verifying webhook signatures, and learning how HMAC authentication works.
API Authentication with HMAC
Many APIs use HMAC for request authentication. For example, AWS Signature Version 4 creates an HMAC-SHA256 signature from the request method, headers, and payload using a derived signing key. Stripe and GitHub use HMAC-SHA256 to sign webhook payloads so you can verify they genuinely originated from their servers. When implementing HMAC-based API authentication, both the client and server must share the same secret key and follow the exact same signing process.
HMAC in JWT Signatures
JSON Web Tokens (JWTs) commonly use HMAC-SHA256 (the HS256 algorithm) for symmetric signing. The server signs the JWT payload with a secret key, and later verifies incoming tokens using the same key. This approach is simpler than asymmetric signing (RS256) but requires the signing key to remain securely stored on the server. HMAC-signed JWTs are widely used for session management, API authorization, and single sign-on systems.
Timing Attacks and Secure Comparison
When verifying an HMAC signature, it is critical to use a constant-time comparison function rather than a simple string equality check. A regular equality check returns early on the first mismatched character, allowing an attacker to measure response times and gradually deduce the correct HMAC byte by byte. Constant-time comparison functions always process all bytes regardless of match status, preventing this side-channel attack. Most cryptographic libraries provide a secure comparison function for this purpose.
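The RFC 2104 construction from "How HMAC Works" and the constant-time check from this section, worked through in Python as an added example (not the tool's own code, which runs on the Web Crypto API in the browser). The from-scratch HMAC is cross-checked against Python's standard hmac module, and the webhook secret and payload are constructed sample values.

```python
import hashlib
import hmac


def hmac_from_scratch(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC exactly as RFC 2104 defines it: H((K' XOR opad) || H((K' XOR ipad) || m))."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for SHA-256, 128 for SHA-512
    # K': a key longer than the block size is hashed first; every key is then
    # zero-padded to the block size so the XOR with ipad/opad is well defined.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    k_prime = key.ljust(block_size, b"\x00")
    ipad_key = bytes(b ^ 0x36 for b in k_prime)  # 0x36 is the ipad byte
    opad_key = bytes(b ^ 0x5C for b in k_prime)  # 0x5C is the opad byte
    inner = hashlib.new(hash_name, ipad_key + message).digest()
    return hashlib.new(hash_name, opad_key + inner).digest()


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the from-scratch construction against Python's hmac module."""
    return hmac_from_scratch(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


def verify_webhook(key: bytes, payload: bytes, received_hex: str, hash_name: str = "sha256") -> bool:
    """Verify a hex-encoded HMAC such as a webhook signature header.

    hmac.compare_digest takes the same time wherever the first mismatch is,
    so timing reveals nothing about the correct tag. A plain
    `expected == received` short-circuits on the first differing byte.
    """
    try:
        received = bytes.fromhex(received_hex)
    except ValueError:  # malformed header: treat as a failed verification
        return False
    expected = hmac_from_scratch(key, payload, hash_name)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed sample secret and payload (not real credentials).
    secret = b"constructed-webhook-secret"
    body = b'{"event":"payment.succeeded","id":"evt_123"}'
    tag = hmac_from_scratch(secret, body).hex()
    print("HMAC-SHA256:", tag)
    print("valid signature accepted:", verify_webhook(secret, body, tag))
    print("tampered body rejected:", verify_webhook(secret, body + b" ", tag))
```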
Frequently Asked Questions
Q: What is the difference between HMAC and a regular hash?
A: A regular hash only ensures data integrity. HMAC adds a secret key, so only parties who know the key can generate or verify the code. This provides both integrity and authentication, whereas a plain hash can be recomputed by anyone.
Q: Which HMAC algorithm should I use?
A: HMAC-SHA256 is recommended for most applications. Use HMAC-SHA512 for extra security margin. Avoid HMAC-SHA1 for new projects unless required for compatibility with existing systems.
Q: Is HMAC-SHA1 still secure?
A: Unlike plain SHA-1, HMAC-SHA1 is not directly affected by collision attacks and is still considered secure for authentication. HMAC's security depends on the hash function's pseudorandom properties, not its collision resistance. However, HMAC-SHA256 is preferred for new implementations.
Q: How long should my HMAC secret key be?
A: The key should be at least as long as the hash output (32 bytes for HMAC-SHA256, 64 bytes for HMAC-SHA512). Keys shorter than the hash output reduce security, while keys longer than the hash function's block size (64 bytes for SHA-256, 128 bytes for SHA-512) are first hashed and then padded to the block size internally, so extra length beyond the block size adds nothing. Use a cryptographically secure random generator to create your key.
Q: Can HMAC be used for password hashing?
A: HMAC alone is not suitable for password hashing because it is fast to compute, making brute-force attacks feasible. However, HMAC is used as a building block within password hashing algorithms like PBKDF2 (which iterates HMAC thousands of times) to achieve the necessary computational cost for secure password storage.