HMAC Generator

Frequently asked questions

›What is HMAC?

Hash-based Message Authentication Code — a way to verify a message hasn't been tampered with using a shared secret. Common in webhook signing.

›Is HMAC encryption?

No — HMAC is authentication. The message itself is in cleartext; HMAC just lets the receiver verify it came from someone with the same secret.

›Which algorithm should I use?

HMAC-SHA256 is the modern default. HMAC-SHA1 is still common in older systems but should be avoided for new work.

›Is my secret sent to a server?

No — generation runs entirely in your browser via the Web Crypto API.

›Is the generator free?

Yes — fully free, no signup.