HMAC Online Encryptor
Hash-based Message Authentication Code calculator supporting MD5, SHA1, SHA256 and more
Key used to sign and verify the message
About HMAC
HMAC (Hash-based Message Authentication Code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
It may be used to verify both the data integrity and the authentication of a message.
How it Works
HMAC calculation uses a hash algorithm, taking a key and a message as input, and producing a message digest as output. Only parties with the same key can generate the same HMAC.
Use Cases
Security Advice
Use long, complex random keys. Prefer strong hash algorithms like SHA-256 or SHA-512 over MD5 (unless required for legacy compatibility).
FAQ
Difference between HMAC and Hash?
Normal Hash (like MD5, SHA256) uses no key; anyone gets the same result for the same input. HMAC requires a secret key; only key holders can verify or generate the correct HMAC.
Can HMAC be decrypted?
No. HMAC is a one-way cryptographic function (hashing), not encryption. You cannot recover the original message from the HMAC.
Is there a key length requirement?
There is no theoretical limit, but keys should ideally be at least as long as the hash output length (e.g., 32 bytes for SHA-256). Short keys reduce security.
What are Hex and Base64 key formats?
Sometimes keys are binary data that can't be represented as plain text. Hex (hexadecimal) or Base64 encoding is used to represent them. If your key looks like '4a8f...', it's likely Hex.
Why is my result different?
Check: 1. Message content (including spaces/newlines); 2. Key content; 3. Selected algorithm; 4. Key format (Text vs Hex).
Is this tool secure?
Yes. All calculations happen locally in your browser. Your keys and messages are never sent to any server.