Security
Hash Generator
Generate MD5, SHA-1 and SHA-2 hashes from text instantly.
Security
Generate and verify keyed message authentication codes with SHA-256, SHA-384 and SHA-512.
Start from a simple message, webhook payload or hexadecimal input.
Select the hash algorithm used by the HMAC construction.
Enter the message to authenticate and choose how the input should be decoded.
Message encoding
Enter the shared secret and choose its input encoding.
Secret encoding
Enter a message and secret key to calculate a keyed message authentication code.
Messages, secrets and signatures are processed locally through the Web Crypto API. BigForgeKit does not upload or store secret keys.
About this tool
HMAC Generator creates keyed message authentication codes by combining a message with a shared secret. Generate SHA-256, SHA-384 and SHA-512 signatures in hexadecimal, Base64 and Base64URL formats, or compare an expected signature with the generated result.
Features
Frequently asked questions
An HMAC is a keyed message authentication code that combines a cryptographic hash function with a shared secret to authenticate message integrity and origin.
A regular hash only uses the message. An HMAC also requires a secret key, which allows trusted parties to verify who generated the signature.
The tool supports HMAC using SHA-256, SHA-384 and SHA-512.
Yes. Enter the exact webhook payload and shared secret, then compare the generated signature with the value supplied by the webhook provider.
Base64URL is a URL-safe Base64 variant that replaces plus and slash characters and usually removes trailing padding.
No. Messages, secrets and signatures remain inside your browser and are processed through the Web Crypto API.
Related tools
Security
Generate MD5, SHA-1 and SHA-2 hashes from text instantly.
Security
Decode JWT headers, payloads and expiration data.
Security
Build and review Content-Security-Policy headers with visual directives and security warnings.