计算结果准确吗？

计算使用标准 JavaScript 浮点运算，对大多数实际用途而言足够准确。

可以保存计算结果吗？

您可以将结果复制到剪贴板。登录后可将常用工具保存到仪表板。

这是财务建议吗？

不是。财务计算器仅供信息和教育目的使用。财务决策请咨询专业人士。

结果会实时更新吗？

是的！结果会在您更改输入值时即时更新——无需点击计算按钮。

HMAC 生成器IT & 开发者工具Instant browser workflowFocused single-task utilityNo setup required

Feedback

HMAC 生成器

使用 SHA-256、SHA-384 或 SHA-512 生成 HMAC 签名

HMAC-SHA-256Waiting for input0 message charsSecret0Output0

消息

Choose an algorithm, enter a secret key, and sign any message payload directly in the browser.

算法

密钥

消息

HMAC 输出

HMAC 签名将显示在此

继续下一步

用相关的下一个操作延续你的工作流程。

Hash 生成器

生成 SHA-1、SHA-256、SHA-384、SHA-512 哈希值

Bcrypt 哈希生成器

使用 Bcrypt 哈希密码并验证哈希值

Token / 密钥生成器

以多种格式生成随机 Token、API 密钥和密码

算法HMAC-SHA-256Message length0Secret length0结果尚无结果

Privacy & Trust

Browser-side signing

The message and secret stay in the browser while the HMAC is computed with the Web Crypto API.

Integrity, not encryption

HMAC proves authenticity and tamper resistance when both sides share the same secret. It does not hide the original message.

Secret reuse matters

Protect the signing key carefully and avoid sharing it between unrelated environments or products.

Export signature

Generate a signature to enable export.

HMAC 生成器算法: SHA-256 Message length: 0 Secret length: 0 Output length: 0 No signature generated yet.

使用方法

输入数值

在输入栏中填入您的数字或参数。

即时获取结果

结果在您输入时自动更新——无需按计算按钮。

复制或保存

将结果复制到剪贴板或用于您的工作流程。

为什么使用此工具

100% 免费

没有隐藏费用，没有付费等级——所有功能完全免费。

无需安装

完全在浏览器中运行。无需下载或安装任何软件。

隐私且安全

您的数据永远不会离开您的设备。不会上传至任何服务器。

支持移动设备

完全响应式设计——在手机、平板或桌面电脑上均可使用。

HMAC: Hash-Based Message Authentication Codes

Key Takeaways

HMAC combines a cryptographic hash function with a secret key to provide both data integrity and authentication.
Unlike plain hashes, HMAC proves that the message was created by someone who knows the secret key — preventing tampering and forgery.
All HMAC generation is performed in your browser using the Web Crypto API — your keys and data remain private.

HMAC (Hash-based Message Authentication Code) is a mechanism for verifying both the integrity and authenticity of a message. It is used extensively in API authentication (AWS Signature V4), webhook verification (GitHub, Stripe), and secure communication protocols. HMAC is more secure than simple hash verification because it requires knowledge of a shared secret key.

HMAC-SHA256 is used to authenticate over 1 billion API requests per day across major cloud platforms.

Scale of Use

Key Concepts

How HMAC Works

HMAC processes the key through two rounds of hashing with different padding (ipad and opad), making it resistant to length extension attacks that affect plain hash functions.

HMAC vs. Plain Hash

A plain hash (SHA-256 of a message) can be computed by anyone. HMAC requires the secret key, so only authorized parties can generate a valid MAC. This provides authentication in addition to integrity.

Webhook Signature Verification

Services like GitHub and Stripe sign webhook payloads with HMAC-SHA256 using a shared secret. The receiver recomputes the HMAC and compares it with the signature header to verify authenticity.

Timing-Safe Comparison

When verifying HMAC signatures, always use constant-time comparison functions to prevent timing attacks that could leak information about the expected value byte by byte.

Pro Tips

Use HMAC-SHA256 as your default — it offers an excellent balance of security and performance for most applications.

Keep HMAC keys at least as long as the hash output (32 bytes for SHA-256) for maximum security.

Rotate HMAC keys periodically and support multiple active keys during transition periods.

Never log or expose HMAC keys in error messages, URLs, or client-side code.

All HMAC computation is performed entirely in your browser using the Web Crypto API. Your secret keys and message data are never transmitted to any external server.

Sources