Hash Toolkit · Message security

HMAC Text Generator & Verifier

Produce keyed hashes for signing webhooks, verifying API payloads, or testing cryptographic workflows. CipherTools never transmits your secrets—everything stays inside this tab. Need to hash files with a shared secret? Try thefile HMAC tool →

Text HMAC generator

Generate keyed hashes (HMAC) entirely in your browser. Choose SHA-2, SHA-3, RIPEMD-160, or MD5 as the underlying digest, switch encodings, and verify expected MACs instantly.

Message to authenticate

Characters: 0Bytes: 0

Message encoding

Secret key

Characters: 0Bytes: 0

Key encoding

An HMAC key is required before hashing.

Hashes update automatically after you pause typing, but you can force a refresh anytime.

Algorithm

Output encoding

HMAC digest

Enter a message and key to begin.

Verification target

Enter a target hash to validate.

HMAC overview

HMAC (Hash-based Message Authentication Code) mixes a cryptographic hash with a shared secret to detect tampering and verify the sender. The default HMAC-SHA-256 profile balances speed and security for most webhook signatures, API payloads, and SDK tests, while options such as HMAC-SHA-512, HMAC-SHA-384, HMAC-SHA-224, HMAC-SHA-1, HMAC-SHA3-256, HMAC-SHA3-512, HMAC-RIPEMD-160, or HMAC-MD5 help with platform parity or legacy compatibility.

CipherTools currently supports HMAC-SHA-256, HMAC-SHA-512, HMAC-SHA-384, HMAC-SHA-224, HMAC-SHA-1, HMAC-SHA3-256, HMAC-SHA3-512, HMAC-RIPEMD-160, or HMAC-MD5 HMAC variants. Every calculation happens inside this browser session—no network requests, caching, or data retention after refresh.