HMAC Generator Security Verkfæris
No Network
is
English 日本語 ລາວ Монгол Oʻzbekcha Тоҷикӣ Кыргызча Қазақша Azərbaycan Հայերեն ქართული العربية Български বাংলা čeština Dansk Deutsch Ελληνικά Español Eesti Suomi Français हिन्दी ગુજરાતી ಕನ್ನಡ मराठी മലയാളം Srpski Slovenčina Slovenščina Kiswahili Hrvatski Magyar Indonesia Italiano 한국어 Lietuvių Latviešu Nederlands Norsk Svenska Polski Português Română Русский Українська Беларуская Shqip اردو தமிழ் తెలుగు Türkçe ภาษาไทย Tiếng Việt 简体中文 繁體中文 עברית ខ្មែរ Melayu မြန်မာ ਪੰਜਾਬੀ සිංහල Tagalog नेपाली فارسی is mk ps

HMAC Generator (HMAC-SHA256 in Browser)

A no-network HMAC SHA256 generation page for fast HMAC calculation and signature verification.

Everything runs locally in your browser. Keys and messages are never transmitted or saved.

Local computation No storage Hex and Base64
No network transmission

How to use (HMAC signature)

  1. Enter the key. If your API spec provides binary key bytes, choose Hex or Base64 inntak format.
  2. Enter the message payload to sign.
  3. Choose úttak format (Hex / Base64 / Base64URL) and copy the niðurstaða.
HMAC works on bytes, not visual text. UTF-8 encoding, newline differences, and extra spaces will change the niðurstaða.

Examples (test vectors)

Example 1 (short check)

Inntak: Key = secret (UTF-8), Message = message (UTF-8)

HMAC-SHA256 (Hex):
8b5f48702995c1598c573db1e21866a9b825d4a794d169d7060a03605796360b

HMAC-SHA256 (Base64):
i19IcCmVwVmMVz2x4hhmqbgl1KeU0WnXBgoDYFeWNgs=

Example 2 (common phrase)

Inntak: Key = key, Message = The quick brown fox jumps over the lazy dog

Hex:
f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8

Base64:
97yD9DBThCSxMpjmqm+xQ+9NWaFJRhdZl0edvC0aPNg=

Common pitfalls

  • LF vs CRLF newline differences produce different signatures.
  • Trimming leading/trailing whitespace may break API signature matching.
  • Base64URL often means + to -, / to _, and omitted = padding. Check your API spec.
  • If a key is distributed as Hex/Base64 bytes, treating it as plain text causes mismatches.

Algengar spurningar

Is my key stored?

No. This verkfæri computes in your browser and does not send key/message inntaks to any server.

Base64 or Hex?

Both are common. You can choose Hex / Base64 / Base64URL úttak to match your API spec.

What character encoding is used (UTF-8)?

Text inntak is encoded as UTF-8 before HMAC calculation. For binary values, use Hex/Base64 inntak.

What is the difference between HMAC and SHA-256 hash?

SHA-256 is a plain hash. HMAC adds a secret key for message authentication.

My úttak does not match. What should I check?

Check key interpretation (text vs bytes), newline handling, whitespace trimming, and Base64URL rules.

Supplement

What is HMAC?

HMAC is a keyed-hash message authentication code using a secret key and a hash function.

Difference from SHA-256

SHA-256 alone has no secret key. HMAC-SHA256 requires a shared key and is used for signatures.

Typical use cases

API beiðni signing, webhook verification, and token integrity checks.