Monu Tools

HMAC 產生器

在瀏覽器中使用 SHA-1、SHA-256、SHA-384 或 SHA-512 為訊息和密鑰生成 HMAC。

如何使用 HMAC

  1. 01

    選擇雜湊演算法。

  2. 02

    輸入密鑰和訊息。

  3. 03

    複製以十六進位摘要顯示的 HMAC。

Sign a message with a key

An HMAC generator that signs a message with a secret key using SHA-1, SHA-256, SHA-384 or SHA-512, and shows the result as a hex digest. Pick an algorithm, enter the key and the message, and copy the signature.

What an HMAC proves

HMAC stands for hash-based message authentication code. It is a keyed hash: combining a secret key with the message proves two things at once, that the message was created by someone who holds the key, and that it has not been altered in transit.

The difference from a plain hash is the key. Anyone can compute a SHA-256 of a message, but only someone with the shared secret can produce the correct HMAC, which is what turns a checksum into proof of authenticity.

Where HMAC shows up

That is why it is everywhere in web infrastructure. Webhooks from services like Stripe, GitHub and Slack sign each request with an HMAC so your server can verify the call really came from them, and many APIs sign requests the same way.

Choosing an algorithm

SHA-256 is the common default; SHA-384 and SHA-512 are stronger, while SHA-1 is legacy and best avoided for new systems.

Security note

It runs locally with the Web Crypto API, so your key and message are never uploaded, which is important since the key is a secret.

常見問題

什麼是 HMAC?

一種帶金鑰的雜湊,用於證明訊息是由持有密鑰的人建立的,且未被篡改。廣泛用於 API 請求簽署和 Webhook。

我的密鑰會傳送到任何地方嗎?

不會。HMAC 使用 Web Crypto API 在瀏覽器中計算,密鑰和訊息永遠不會離開您的裝置。

應該使用哪種演算法?

SHA-256 是常見的預設選擇。SHA-384 和 SHA-512 更強;SHA-1 是遺留算法,新系統最好避免使用。

來源

嵌入此工具

將此工具加入你自己的網站。複製下方的程式碼片段,它會自動保持最新。

<iframe src="https://monu.tools/embed/zh-Hant/hmac-generator" width="100%" height="640" style="border:1px solid #e5e5e5;border-radius:12px;max-width:680px" loading="lazy" title="Monu Tools"></iframe>

相關工具