Generate and verify HMAC signatures using SHA-256, SHA-384 or SHA-512. Perfect for webhook verification, API authentication, and debugging signed requests. All crypto runs in your browser.
Paste an existing signature to compare it against the computed HMAC above.
HMAC proves a message was authored by someone holding the shared secret and that it wasn't tampered with in transit. Stripe, GitHub, Shopify, and most webhook providers use it.
Stripe uses hex. GitHub uses hex with a sha256= prefix. AWS Sig v4 uses hex. JWT-style services use Base64-URL. Always check your provider's docs — the byte content is identical, just encoded differently.
No. Signing happens entirely inside the browser via the Web Crypto API. Nothing is uploaded, logged, or stored.
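To make the encoding point concrete, here is an added example (not this tool's own code) that decodes a signature from plain hex, `sha256=`-prefixed hex, or Base64-URL into raw bytes and verifies it with the Web Crypto API. The names `decodeSignature`, `verifyHmac` and `SAMPLE` are hypothetical, and the sample input is the published RFC 4231 test vector rather than any provider's data.

```javascript
// Added example. Web Crypto: global in browsers and current Node; fallback for older Node.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

// Published HMAC-SHA-256 test vector (RFC 4231, test case 2), used as sample input.
const SAMPLE = {
  secret: 'Jefe',
  message: 'what do ya want for nothing?',
  hex: '5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843',
};

// Turn a signature string into raw bytes. Returns null when it is malformed.
function decodeSignature(sig, encoding) {
  if (encoding === 'hex') {
    const hex = sig.replace(/^sha256=/, ''); // GitHub-style prefix
    if (!/^([0-9a-fA-F]{2})+$/.test(hex)) return null;
    return Uint8Array.from(hex.match(/../g), (b) => parseInt(b, 16));
  }
  if (encoding === 'base64url') {
    const body = sig.replace(/=+$/, ''); // padding is optional in Base64-URL
    if (!/^[A-Za-z0-9_-]+$/.test(body) || body.length % 4 === 1) return null;
    const b64 = body.replace(/-/g, '+').replace(/_/g, '/');
    return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  }
  return null; // unknown encoding
}

// Verify on decoded bytes with subtle.verify, not by comparing encoded strings.
async function verifyHmac(secret, message, sig, encoding, hash = 'SHA-256') {
  const mac = decodeSignature(sig, encoding);
  if (mac === null) return false;
  const enc = new TextEncoder();
  const key = await subtle.importKey(
    'raw', enc.encode(secret), { name: 'HMAC', hash }, false, ['verify']);
  return subtle.verify('HMAC', key, mac, enc.encode(message));
}
```

Declaring the wrong encoding fails verification even when the signature is genuine, because the same characters decode to different bytes.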