Compute HMAC with your secret key. Keys stay in this tab β never sent to a server.
Long messages automatically use a Web Worker so the page stays responsive.
Compute HMAC with your secret key. Keys stay in this tab β never sent to a server.
Long messages automatically use a Web Worker so the page stays responsive.
HMAC Generator
Compute HMAC with SHA-1, SHA-256, SHA-384, or SHA-512. Your secret and message stay in the tab; long messages can use a Web Worker.
HMAC Generator Use Cases
- Reproduce webhook signature test vectors
- Verify AWS-style signing building blocks
- Compare outputs against OpenSSL or language standard libraries
- Teach MAC vs hash differences in coursework
HMAC Generator FAQ
How do I format the key?
The key is interpreted as UTF-8 text, matching common API examples. For raw binary keys, hex-decode elsewhere first.
Is this the same as JWT signing?
JWT uses a specific encoding (Base64URL segments). This tool is raw HMAC over the message bytes for debugging and test vectors.
Why avoid SHA-1?
SHA-1 is legacy. HMAC-SHA1 still appears in older systems, but prefer SHA-256 for new work.
Are secrets stored?
Secrets stay in page memory only. Clear the field when done; fmtly does not upload your data.