HMAC signing

HMAC turns a shared secret and an arbitrary message into a short authentication tag. AWS Signature V4, Stripe and GitHub webhooks, JWT HS256: all HMAC-SHA256 underneath.

Secret key

In production the key would be random bytes pulled from a KMS; this textbox is for showing how the output flips when the key flips.

Message

Hash

Signature

–

Why not just hash key || message?

The naive construction H(key || msg) is vulnerable to length-extension on Merkle–Damgård hashes (MD5, SHA-1, SHA-2): an attacker who knows a valid tag for one message can compute a valid tag for an extended message without knowing the key. HMAC's double-hash with two padded keys neutralizes the attack. SHA-3 and BLAKE3 are immune by construction, but HMAC-SHA256 remains the safest interoperable default.