正在加载,请稍候…

HMAC Signature Generator

Computes a hash-based message authentication code (HMAC) using a secret key and your favorite hashing function.

How to Use

  1. Step 1: Enter the message you want to authenticate.
  2. Step 2: Enter your secret key.
  3. Step 3: Select the hash algorithm (SHA-256, SHA-512, etc.).
  4. Step 4: Copy the generated HMAC value.

Frequently Asked Questions

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key to verify data integrity and authenticity.

What is the difference between HMAC and a regular hash?

A regular hash only verifies data integrity. HMAC additionally requires a shared secret key.

How is HMAC used in API authentication?

In API request signing, the client computes an HMAC of the request parameters plus a timestamp using a shared secret key, then includes it in the request header. The server recomputes the HMAC to verify the request has not been tampered with and originated from a legitimate client. This pattern is used by AWS Signature V4 and many webhook security implementations.

How does HMAC work for API request signing?

API signing flow: the server and client share a secret key; the client signs the request content (URL + timestamp + body) with HMAC and includes the signature in the request header; the server recomputes HMAC with the same key and compares it to the header — a match means authentication passes. The timestamp prevents replay attacks (usually with a 5-minute window). AWS, Stripe, and GitHub Webhooks all use this approach.