HMAC Signature Generator/Verifier

Your data security is our top priority. All signature generation and verification happen entirely in your browser. This tool does not store or transmit your payloads, secrets, or signatures outside of the browser. See source code in: https://github.com/authgear/authgear-widget-hmac-tool

How the Tool Works

Step 1.

Enter Payload:

Input the exact message or payload content you want to sign or verify.

Step 2.

Provide Webhook Secret:

Insert the shared secret key used for HMAC generation, typically known only to you and your webhook provider.

Step 3.

Select HMAC Algorithm:

Pick from HS256, HS384, or HS512 according to your application’s configuration.

Step 4.

Generate Signature:

Click to compute the HMAC signature for your payload and secret using the selected algorithm.

Step 5.

Paste Received Signature to Verify:

Paste the signature you received from an external system/webhook to compare against your own generated signature.

Supported Algorithms

Generate and convert cryptographic keys in PEM and JWK formats for secure signing and encryption.

HS256

HMAC + SHA-256

HS384

HMAC + SHA-384

HS512

HMAC + SHA-512

What is HMAC?

HMAC (Hash-Based Message Authentication Code) is a mechanism that uses a cryptographic hash function and a secret key to produce a signature for a message or payload. This signature provides both data integrity and authentication, ensuring that the message has not been tampered with and is genuinely from the claimed sender.