Which hash should I pick?

Prefer SHA-256 or SHA-512 for new work. SHA-1 is legacy only.

Can I verify a server HMAC?

Yes, if you use the same key, message, and hash algorithm, the hex should match.

No. HMAC authenticates; it does not hide the message.

HMAC Generator Online – SHA-256, SHA-512 & SHA-1 Keyed Hashes

Build an HMAC tag from a shared secret and message to match APIs or verify tokens. Pick the hash, copy hex output, and compare HMAC values against server-side results.

Secret key

Message

Hash

HMAC (hex)

Related tools

How it works

Enter a secret and a message. The HMAC is computed with the selected hash function.

The output length depends on the hash: SHA-256 gives 32 bytes (64 hex chars), SHA-512 gives 64 bytes (128 hex), SHA-1 gives 20 bytes (40 hex).

What is HMAC?

HMAC provides message authentication: someone with the same secret can verify the tag was created with that key. It is not encryption; the message stays visible.

Secrets

Do not share your secret in URLs or email. This page does not transmit your key; still avoid pasting production secrets on shared machines.

Common questions

Which hash should I pick?: Prefer SHA-256 or SHA-512 for new work. SHA-1 is legacy only.
Is the secret stored?: No. Everything runs locally.
Can I verify a server HMAC?: Yes, if you use the same key, message, and hash algorithm, the hex should match.
Is this encryption?: No. HMAC authenticates; it does not hide the message.

HMAC generator

Related tools

How it works

What is HMAC?

Secrets

Common questions