BetterPass

HMAC Generator

Compute Hash-based Message Authentication Codes (HMAC) locally in your browser.

HMAC-SHA256 of (empty)
Enter message and secret key

Your input never leaves your device; HMAC is computed locally using the Web Crypto API.

How to Use

01

Enter Message

Type or paste the message you want to authenticate.

02

Enter Secret Key

Provide a secret key that is shared between the sender and receiver.

03

Select Algorithm

Choose the underlying hash algorithm: SHA-256 or SHA-512 are recommended for security.

04

Copy the HMAC

The HMAC is computed instantly. Use the copy button to save the resulting hex string.

Frequently Asked Questions

What is HMAC?

HMAC (Hash-based Message Authentication Code) is a mechanism that uses a cryptographic hash function in combination with a secret key to verify both the integrity and authenticity of a message.

How is HMAC different from a regular hash?

A regular hash (like SHA-256) only verifies integrity — anyone can compute it. HMAC adds a secret key, so only parties who know the key can generate or verify the code. This provides authenticity in addition to integrity.

Which HMAC algorithm should I use?

HMAC-SHA256 and HMAC-SHA512 are recommended for modern applications. HMAC-SHA1 is still widely used but should be avoided for new designs where possible.

Is my data safe with this tool?

Yes. All computation happens locally in your browser using the Web Crypto API. Your message and secret key are never sent to any server.