HMAC-SHA256 (Hash-based Message Authentication Code using SHA-256) is a cryptographic algorithm that combines a secret key with SHA-256 hashing to produce a 256-bit (64 hex character) authentication tag. It is used to verify both data integrity and authenticity.

Does my data leave my device?

No. All HMAC computation is performed by the browser's built-in Web Crypto API (SubtleCrypto). Nothing is transmitted to any server.

Does it work on mobile?

Yes. The Web Crypto API is supported in all modern mobile browsers including Safari on iOS and Chrome on Android.

HMAC-SHA256 Generator — Online Message Authentication

HMAC-SHA256 Generator

Compute HMAC-SHA256 authentication codes with a secret key. Powered by the Web Crypto API.

100% client-side · no upload

Secret key

Message

HMAC-SHA256 (hex)

What is HMAC-SHA256?

HMAC-SHA256 combines a secret key with SHA-256 to produce a 256-bit (64 hex character) tag that proves both that a message has not been tampered with and that the sender knew the secret key. It is widely used in API authentication (e.g., AWS Signature Version 4, webhook signatures), JSON Web Tokens (JWTs), and cookie signing.

How to use

Enter your secret key in the first field.
Enter the message you want to authenticate.
The HMAC-SHA256 hex digest updates automatically as you type.

Frequently Asked Questions

What is HMAC-SHA256?: HMAC-SHA256 (Hash-based Message Authentication Code using SHA-256) is a cryptographic algorithm that combines a secret key with SHA-256 hashing to produce a 256-bit (64 hex character) authentication tag. It is used to verify both data integrity and authenticity.
Does my data leave my device?: No. All HMAC computation is performed by the browser's built-in Web Crypto API (SubtleCrypto). Nothing is transmitted to any server.
Does it work on mobile?: Yes. The Web Crypto API is supported in all modern mobile browsers including Safari on iOS and Chrome on Android.