If this tool helped you, you can buy us a coffee ☕
Securely calculate message authentication codes (MAC). Supports SHA256, SHA512, and other algorithms to verify data integrity and sender identity.
Configure parameters to start calculation
Random Password Generator
Customize character types and length to generate strong random passwords and secure your accounts.
CRC16 Checksum Calculator
Online CRC16 checksum tool to calculate 16-bit cyclic redundancy check values for text, Hex, and Base64 data to verify data integrity.
Random Number Generator
Generate random integers or decimals within a specified range, featuring duplicate removal, sorting, and formatted output.
Vigenère Cipher Encoder & Decoder
Encrypt or decrypt text using the classic polyalphabetic substitution algorithm. Ideal for cryptography learning and testing.
Random Password Generator
Customize character types and length to generate strong random passwords and secure your accounts.
CRC16 Checksum Calculator
Online CRC16 checksum tool to calculate 16-bit cyclic redundancy check values for text, Hex, and Base64 data to verify data integrity.
Random Number Generator
Generate random integers or decimals within a specified range, featuring duplicate removal, sorting, and formatted output.
Vigenère Cipher Encoder & Decoder
Encrypt or decrypt text using the classic polyalphabetic substitution algorithm. Ideal for cryptography learning and testing.
Caesar Cipher Encoder & Decoder
Easily encrypt and decrypt text using the Caesar cipher (shift cipher) with custom alphabets and shift values online.
When you need to verify the source of an API request or ensure that transmitted data has not been tampered with, the HMAC-SHA algorithm provides dual protection through key-bound hash calculations. Based on the RFC 2104 standard, this tool combines a secret key of any length with the data to be verified. Using a selected SHA algorithm (such as SHA256 or SHA512), it generates a fixed-length Message Authentication Code (MAC). Typical outputs are 64-character (SHA256) or 128-character (SHA512) hexadecimal strings.
What is the difference between HMAC-SHA and MD5?
MD5 has been proven insecure, whereas modern algorithms like SHA-256 offer much stronger collision resistance. The HMAC structure also provides additional key protection.
Why does the MAC value remain the same for identical inputs?
This is by design: as long as the three elements (key, data, and algorithm) remain unchanged, the MAC value will always be identical. If you need dynamic results, you can append a timestamp or a random nonce to your input.
The secret key must be strictly identical on both sides (including case sensitivity). Processing data larger than 1MB may cause browser performance issues. For financial applications, we recommend using SHA384 or SHA512. Never process highly sensitive keys on public computers.
Typical API signature scenario example:
Input data: method=POST&path=/v1/order&nonce=123456
Secret key: k8J9x$2aP5qL
SHA256 output: 7a3b2c... (64-character hexadecimal)
Note: URL parameters should be sorted alphabetically before calculating the MAC to prevent verification failures caused by parameter order differences.
