HMAC Generator Online — SHA-256, SHA-384, SHA-512
Sign a message with a secret key using HMAC-SHA. Choose hex or unpadded base64url output. Runs locally — not a password hash and not for production auth scaffolding.
How HMAC works here
Enter a message and secret key. Choose SHA-256, SHA-384, or SHA-512. The digest updates automatically via Web Crypto. HMAC authenticates a message with a shared secret — it is not for storing passwords. Use bcrypt for password hashing.
Options
Examples
Classic vector
Message
HMAC-SHA-256 (hex)
API body
Message
HMAC-SHA-256 (hex)
Related tools
For checksums without a secret use hash-generator. For password storage use bcrypt-hash.
HMAC FAQ
Signing digests
Is HMAC a password hash?
No. HMAC signs a message with a shared secret. For password storage use bcrypt-hash.
Is base64url padded?
No — this tool emits unpadded base64url (no trailing =).
Does my secret leave the browser?
No. All HMAC computation runs locally via Web Crypto.
Looking for converters, encoders, formatters, and minifiers in one place? Developer tools hub Open the curated developer tools catalogue.