HMAC 생성기 (SHA-256 / SHA-384 / SHA-512)
무료 온라인 HMAC 생성기. 비밀 키와 메시지를 입력하면 브라우저의 Web Crypto API로 HMAC-SHA256, HMAC-SHA384 또는 HMAC-SHA512 인증 코드를 계산합니다. 출력은 16진수 또는 Base64. 모든 처리는 로컬에서 이루어지며 키와 메시지는 전송되지 않습니다.
HMAC Generator
Compute an HMAC (Hash-based Message Authentication Code) from a secret key and a message, right in your browser. HMAC proves two things at once: that a message came from someone who holds the shared secret key, and that it hasn’t been altered in transit.
How HMAC differs from a plain hash
A plain hash like SHA-256 can be computed by anyone, so it only detects accidental corruption — an attacker who changes the message can simply recompute the hash. HMAC mixes a secret key into the hashing process, so only parties who know the key can produce or verify a valid code. It’s the standard building block for API request signing, webhook verification, and session tokens.
Using the tool
- Enter the secret key shared between sender and receiver.
- Enter the message to authenticate.
- Pick a hash — HMAC-SHA256 is the common default; SHA-384 and SHA-512 offer larger outputs.
- Choose hex or Base64 output to match what your API expects.
Both key and message are treated as UTF-8 text.
Verifying instead of generating
To verify a received message, compute the HMAC over it with the same key and compare against the code you were sent. In production code, always compare using a constant-time comparison to avoid timing side channels.
Privacy
The key and message never leave your browser — the HMAC is computed locally with the Web Crypto API.
References
- RFC 2104, HMAC: Keyed-Hashing for Message Authentication, IETF.
- RFC 4231, HMAC-SHA Identifiers and Test Vectors.