RevealTheme logo

Generador de HMAC

Genera firmas HMAC usando SHA-1, SHA-256, SHA-384 o SHA-512.

Cómo usar esta herramienta

  1. 1

    Pick a hash algorithm from the dropdown: SHA-1, SHA-256, SHA-384, or SHA-512.

  2. 2

    Type or paste your shared secret key into the key field.

  3. 3

    Type or paste the message you want to authenticate into the message box.

  4. 4

    Click Generate to compute the HMAC; the lowercase hex digest appears below.

¿Qué es el Generador de HMAC?

HMAC (Hash-based Message Authentication Code) verifica tanto la integridad como la autenticidad de un mensaje usando una clave secreta compartida. Es la base de las firmas de webhook, la firma de solicitudes de API (AWS Signature V4, webhooks de Stripe) y los algoritmos HS256/HS384/HS512 de los JWT.

Casos de uso comunes

  • Verify an incoming webhook by recomputing the HMAC of the raw request body with your endpoint's signing secret and comparing it to the provider's signature header.

  • Check a Stripe webhook locally: HMAC-SHA256 the timestamped payload with your whsec_ secret to confirm your verification logic before deploying.

  • Debug a mismatched signature by pasting the exact bytes your server and client each signed to see which side is wrong.

  • Generate a quick integrity tag for a config file or message so a teammate with the same key can confirm it was not altered in transit.

  • Teach or learn how HMAC differs from a bare hash by toggling algorithms and watching the digest length change.

  • Sanity-check a single HMAC step of a larger signing scheme (such as one round of the AWS SigV4 key-derivation chain) during development.

Preguntas frecuentes

¿Es HMAC lo mismo que un hash?
No. Un hash simple (SHA-256) puede calcularlo cualquiera. HMAC requiere una clave secreta: sin ella, no puedes verificar ni falsificar la firma.

Herramientas relacionadas