What Is HMAC?
HMAC (Hash-based Message Authentication Code) is a cryptographic mechanism that combines a secret key with a hash function to produce a message authentication code. Unlike a plain hash, HMAC proves both the integrity and authenticity of a message — it tells you that the data has not been tampered with and that it came from someone who knows the secret key.
HMAC was defined in RFC 2104 (test vectors for the SHA-2 variants are in RFC 4231) and is used in TLS, IPsec, JWT signatures, and API webhook verification. Unlike the naive keyed construction H(key || message), HMAC is not exposed to the length-extension property of Merkle–Damgård hashes such as SHA-256, which is why it became the standard choice for keyed message authentication.
How HMAC Works
HMAC uses a two-pass hashing approach with inner and outer padding. The secret key is first brought to exactly one block of the hash function (64 bytes for SHA-256, 128 bytes for SHA-384 and SHA-512): a key longer than the block size is hashed, and the result, or a shorter key, is zero-padded up to the block size. That block-sized key is then XORed with two different constants (ipad and opad) to produce two derived keys.
- Inner hash — the key is XORed with ipad (0x36 repeated), concatenated with the message, and hashed: H((K XOR ipad) || message)
- Outer hash — the key is XORed with opad (0x5C repeated), concatenated with the inner hash result, and hashed again: H((K XOR opad) || inner_hash)
- Final output — the result of the outer hash is the HMAC value, typically represented as a hexadecimal string; RFC 2104 allows it to be truncated when a shorter tag is acceptable
This double-hashing construction is what defeats length-extension attacks. With a naive keyed hash H(key || message), anyone who sees the tag for one message can resume the hash computation and produce a valid tag for message || padding || extra_data without knowing the key. In HMAC the inner digest is wrapped by a second, keyed hash, so knowing HMAC(key, message) gives an attacker no way to compute HMAC(key, message || extra_data).
HMAC Algorithms
The HMAC construction works with any cryptographic hash function. The most common choices are SHA-256, SHA-384, and SHA-512, though HMAC-SHA1 and HMAC-MD5 are still found in legacy systems. (Collision attacks on SHA-1 and MD5 do not translate directly into HMAC forgeries, so those variants have outlived their underlying hashes, but new designs should not use them.)
- HMAC-SHA256 — 256-bit output, the most widely used variant for API authentication, JWT HS256 signatures, and webhook verification. Recommended key size: 32 bytes
- HMAC-SHA384 — 384-bit output, used by the TLS 1.3 key schedule for the SHA-384 cipher suite and in high-security applications. Recommended key size: 48 bytes
- HMAC-SHA512 — 512-bit output, preferred when the largest security margin is wanted or when the platform handles 64-bit word operations efficiently. Recommended key size: 64 bytes
The key should be at least as long as the hash output and come from a cryptographically secure random generator, not from a password or a value typed by hand. Keys shorter than the block size are zero-padded and keys longer than the block size are hashed first, so a key longer than the block size adds no security beyond that of its hash. For most applications, HMAC-SHA256 with a 32-byte random key provides excellent security.
Common Use Cases
HMAC is the foundation of many security protocols and API authentication schemes.
- API authentication and webhooks — Stripe and GitHub sign webhook payloads with HMAC-SHA256 so the receiver can check that a delivery genuinely came from the provider, and AWS Signature Version 4 uses a chain of HMAC-SHA256 operations to authenticate API requests from clients
- JWT signing — the HS256, HS384, and HS512 algorithms in JSON Web Tokens use HMAC to sign the token header and payload, allowing receivers to verify the token was not modified. The verifier must pin the expected algorithm and key rather than trusting the token's own alg header
- Message integrity — HMAC verifies that data transmitted over a network has not been altered in transit; it is the record MAC in TLS 1.2 non-AEAD cipher suites (TLS 1.3 relies on AEAD ciphers instead) and the integrity check in IPsec AH and ESP
- OAuth 1.0a — the HMAC-SHA1 signature method signs OAuth request parameters to prove the request came from an authorized client
HMAC vs Other Authentication Methods
HMAC is one of several approaches to message authentication. Each has different trade-offs in terms of security, performance, and key management.
- HMAC vs digital signatures — HMAC uses a shared secret key (symmetric), while digital signatures use public/private key pairs (asymmetric). HMAC is faster but requires both parties to share the same secret. Digital signatures provide non-repudiation; with HMAC every holder of the key can produce valid tags, so a receiver cannot prove to a third party who created one.
- HMAC vs API keys — API keys are bearer tokens: anyone who captures one can use it. An HMAC signature binds the request content to the secret, so intercepting a signed request does not allow forging a different one. HMAC by itself does not stop replay of the same request; replay protection comes from including a timestamp or nonce in the signed data and having the receiver enforce a freshness window.
- HMAC vs plain hashing — hashing a message with SHA-256 proves integrity but not authenticity. Anyone can compute SHA-256(message). HMAC requires the secret key, so only parties holding it can generate valid tags. When checking a tag, compare the received and recomputed values in constant time (for example crypto.timingSafeEqual in Node or hmac.compare_digest in Python); a byte-by-byte comparison that exits at the first difference leaks the tag through timing.
Frequently Asked Questions
What is the ideal HMAC key length?
The key should be at least as long as the hash output, 32 bytes for HMAC-SHA256, 48 bytes for HMAC-SHA384, and 64 bytes for HMAC-SHA512, and it should come from a cryptographically secure random generator. Keys shorter than the hash output weaken the security guarantee. Keys longer than the block size (64 bytes for SHA-256, 128 bytes for SHA-384 and SHA-512) are hashed first, so there is no benefit to extremely long keys.
Is HMAC the same as encryption?
No. HMAC provides authentication and integrity, not confidentiality. An HMAC tag proves a message was not tampered with and was created by someone with the secret key, but the original message remains readable. If you need to hide message content, encrypt it (AES, ChaCha20) and compute the HMAC over the ciphertext (encrypt-then-MAC), or use an AEAD mode such as AES-GCM or ChaCha20-Poly1305 that provides both properties in one primitive.
Can I use HMAC in the browser with the Web Crypto API?
Yes. The Web Crypto API supports HMAC natively: crypto.subtle.importKey() takes the raw key with an algorithm of { name: "HMAC", hash: "SHA-256" } (or SHA-384, SHA-512), crypto.subtle.sign() produces the tag, and crypto.subtle.verify() checks a received tag so you never compare MACs with your own string equality. You can generate HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 signatures entirely client-side without any external libraries. This is the approach used by modern browser-based HMAC tools, and Node exposes the same API as crypto.webcrypto.