在浏览器中,使用 SHA-1、SHA-256、SHA-384 或 SHA-512 为消息和密钥生成 HMAC。
如何使用 HMAC
选择一个哈希算法。
输入你的密钥和消息。
复制以十六进制摘要显示的 HMAC。
An HMAC generator that signs a message with a secret key using SHA-1, SHA-256, SHA-384 or SHA-512, and shows the result as a hex digest. Pick an algorithm, enter the key and the message, and copy the signature.
HMAC stands for hash-based message authentication code. It is a keyed hash: combining a secret key with the message proves two things at once, that the message was created by someone who holds the key, and that it has not been altered in transit.
The difference from a plain hash is the key. Anyone can compute a SHA-256 of a message, but only someone with the shared secret can produce the correct HMAC, which is what turns a checksum into proof of authenticity.
That is why it is everywhere in web infrastructure. Webhooks from services like Stripe, GitHub and Slack sign each request with an HMAC so your server can verify the call really came from them, and many APIs sign requests the same way.
SHA-256 is the common default; SHA-384 and SHA-512 are stronger, while SHA-1 is legacy and best avoided for new systems.
It runs locally with the Web Crypto API, so your key and message are never uploaded, which is important since the key is a secret.
常见问题
一种带密钥的哈希,证明消息是由持有密钥者创建且未被篡改。它广泛用于 API 请求签名和 webhook。
不会。HMAC 在你的浏览器中使用 Web Crypto API 计算,因此密钥和消息永远不会离开你的设备。
SHA-256 是常见的默认选择。SHA-384 和 SHA-512 更强;SHA-1 已过时,新系统最好避免使用。
嵌入此工具
将此工具添加到你自己的网站。复制下方代码片段即可,它会自动保持最新。
<iframe src="https://monu.tools/embed/zh/hmac-generator" width="100%" height="640" style="border:1px solid #e5e5e5;border-radius:12px;max-width:680px" loading="lazy" title="Monu Tools"></iframe>相关工具