Which hash should I pick?

Prefer SHA-256 or SHA-512 for new work. SHA-1 is legacy only.

Can I verify a server HMAC?

Yes, if you use the same key, message, and hash algorithm, the hex should match.

No. HMAC authenticates; it does not hide the message.

HMAC generator online

HMAC combines a secret key with your message to produce an authentication tag. Pick the underlying hash and copy the hex result.

Secret key

Message

Hash

HMAC (hex)

How it works

Enter a secret and a message. The HMAC is computed with the selected hash function.

The output length depends on the hash: SHA-256 gives 32 bytes (64 hex chars), SHA-512 gives 64 bytes (128 hex), SHA-1 gives 20 bytes (40 hex).

What is HMAC?

HMAC provides message authentication: someone with the same secret can verify the tag was created with that key. It is not encryption; the message stays visible.

Secrets

Do not share your secret in URLs or email. This page does not transmit your key; still avoid pasting production secrets on shared machines.

Common questions

Which hash should I pick?: Prefer SHA-256 or SHA-512 for new work. SHA-1 is legacy only.
Is the secret stored?: No. Everything runs locally.
Can I verify a server HMAC?: Yes, if you use the same key, message, and hash algorithm, the hex should match.
Is this encryption?: No. HMAC authenticates; it does not hide the message.