HMAC Generator
Generate HMAC signatures using SHA-256, SHA-512, or MD5 with a secret key.
Frequently Asked Questions
Is the HMAC Generator secure?
Yes. All cryptographic operations use the browser's built-in Web Crypto API, a FIPS-approved implementation. Everything runs client-side — no keys, passwords, or tokens are ever sent to a server.
How does signature work in this tool?
This tool leverages the browser's native Web Crypto API to perform signature operations. The algorithm executes entirely inside your browser's JavaScript engine so your sensitive data is never exposed to any external service.
What is the difference between hmac and encryption?
Hmac typically produces a fixed-length output that cannot be reversed, making it ideal for verification and integrity checks. Encryption is a two-way process that allows the original data to be recovered with the correct key.
Can I use HMAC Generator offline?
Yes. When you install Web Developer Toolbox as a Progressive Web App (PWA), the HMAC Generator works fully offline — the service worker caches all assets so no internet connection is required.
How long should my hmac be?
Current industry best practices recommend at least 128 bits (16 bytes) for tokens and at least 256 bits for cryptographic secrets. Longer values provide significantly stronger security guarantees against brute-force attacks.