HMAC combines a secret key with your message to produce an authentication tag. Pick the underlying hash and copy the hex result.
How it works
Enter a secret and a message. The HMAC is computed with the selected hash function.
The output length depends on the hash: SHA-256 gives 32 bytes (64 hex chars), SHA-512 gives 64 bytes (128 hex), SHA-1 gives 20 bytes (40 hex).
What is HMAC?
HMAC provides message authentication: someone with the same secret can verify the tag was created with that key. It is not encryption—the message stays visible.
Secrets
Do not share your secret in URLs or email. This page does not transmit your key; still avoid pasting production secrets on shared machines.
Common questions
- Which hash should I pick?
  Prefer SHA-256 or SHA-512 for new work. SHA-1 is legacy only.
- Is the secret stored?
  No. Everything runs locally.
- Can I verify a server HMAC?
  Yes, if you use the same key, message, and hash algorithm, the hex should match.
- Is this encryption?
  No. HMAC authenticates; it does not hide the message.
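Verifying a server HMAC as described above, shown as an added example that is not this page's own code: it recomputes the tag with the same key, message and hash, then compares in constant time instead of with `==`. The function names `hmac_hex` and `verify_hmac_hex` are hypothetical, and the sample key and message are the public RFC 4231 test case 2 values, not real secrets.

```python
import hashlib
import hmac

# Hashes offered on the page, mapped to tag length in bytes.
TAG_BYTES = {"sha1": 20, "sha256": 32, "sha512": 64}


def hmac_hex(key: bytes, message: bytes, hash_name: str = "sha256") -> str:
    """Return the HMAC tag as lowercase hex (hypothetical helper)."""
    if hash_name not in TAG_BYTES:
        raise ValueError(f"unsupported hash: {hash_name}")
    return hmac.new(key, message, getattr(hashlib, hash_name)).hexdigest()


def verify_hmac_hex(key: bytes, message: bytes, received_hex: str,
                    hash_name: str = "sha256") -> bool:
    """Check a hex tag from a server against a locally recomputed one."""
    if hash_name not in TAG_BYTES:
        raise ValueError(f"unsupported hash: {hash_name}")
    try:
        # fromhex accepts upper or lower case; strip() drops stray newlines
        # that often come along when a tag is copied from a header or log.
        received = bytes.fromhex(received_hex.strip())
    except ValueError:
        return False  # not valid hex
    if len(received) != TAG_BYTES[hash_name]:
        return False  # truncated tag, or produced with a different hash
    expected = hmac.new(key, message, getattr(hashlib, hash_name)).digest()
    # compare_digest takes the same time wherever the first mismatch is,
    # so response timing does not reveal how many leading bytes matched.
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    key = b"Jefe"                            # RFC 4231 test case 2 key
    msg = b"what do ya want for nothing?"    # RFC 4231 test case 2 message
    for name in TAG_BYTES:
        tag = hmac_hex(key, msg, name)
        print(f"{name:7s} {len(tag):3d} hex chars  {tag}")
    tag = hmac_hex(key, msg, "sha256")
    print("same key and hash:", verify_hmac_hex(key, msg, tag.upper()))
    print("wrong key:        ", verify_hmac_hex(b"other", msg, tag))
    print("message altered:  ", verify_hmac_hex(key, msg + b"!", tag))
```
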