HMAC combines a cryptographic hash function with a secret key to provide message authentication and integrity. It verifies both the data integrity and the authenticity of the message.
Inputs
Algorithm: The HMAC algorithm (determines the underlying hash function).
Key: The secret key in hexadecimal. Any length is accepted; keys shorter than the hash block size are zero-padded, longer keys are hashed first.
Data: The message to authenticate in HEX or ASCII format.
Tips
HMAC-SHA-256 is the most commonly recommended algorithm.
HMAC is used in TLS, JWT tokens, API authentication, and message integrity verification.
Unlike raw hashing, HMAC is resistant to length-extension attacks.