jquery.app
English
EnglishDeutschFrancaisEspanol日本語Nederlands

HTML Tools

Free Hash and HMAC Generator

A browser-based hash and HMAC generator that provides ready-to-use JavaScript code snippets for computing cryptographic hashes with the Web Crypto API. Supports SHA-256, SHA-384, SHA-512, SHA-1, and MD5. For HMAC (keyed hash), provide a secret key. The tool generates copy-paste JavaScript code that works in any modern browser.

Loading tool...

What is Hash and HMAC Generator?

A browser-based hash and HMAC generator that provides ready-to-use JavaScript code snippets for computing cryptographic hashes with the Web Crypto API. Supports SHA-256, SHA-384, SHA-512, SHA-1, and MD5. For HMAC (keyed hash), provide a secret key. The tool generates copy-paste JavaScript code that works in any modern browser.

quickAnswer

Generate JavaScript code to compute SHA-256, SHA-384, SHA-512, SHA-1, or MD5 hashes. HMAC mode available with a secret key. Uses the Web Crypto API — runs in all modern browsers.

Last updated: 2026-06-08

limitations

  • The Web Crypto API (crypto.subtle) is asynchronous — the generated code uses Promises, which may add complexity for simple use cases.
  • MD5 is not supported by crypto.subtle.digest in modern browsers. For MD5, you need a third-party library or manual implementation.
  • This tool generates code snippets, not direct hash output — it is an educational and code-generation tool, not an instant hash calculator.

Sources:MDN Web Docs · W3C Specifications · jquery.app on GitHub

How to use this tool

  1. Choose a hash algorithm (SHA-256 recommended for security).
  2. Enter the text you want to hash.
  3. Enable HMAC mode if you need a keyed hash and provide a secret key.
  4. Copy the generated JavaScript code and use it in your project.

What you can use it for

  • Generate a SHA-256 hash of a password before storing it (with a salt in production).
  • Create an HMAC signature for API request authentication using a shared secret key.
  • Verify file integrity by comparing a SHA-256 hash against a known checksum value.

Use cases

Practical examples

example

API request signing with HMAC

A developer needs to sign API requests with HMAC-SHA256. They use the hash generator to create the signing code, providing their API secret as the key. The generated JavaScript snippet computes the HMAC signature for each request body.

example

Password hash verification

A developer wants to hash user passwords before storing them. They use SHA-256 with a salt (appended to the password before hashing) and include the generated code in their authentication flow.

Common mistakes

  • Using MD5 or SHA-1 for security purposes — both are cryptographically broken. Use SHA-256 or stronger for any security application.
  • Hardcoding secret keys in client-side JavaScript — HMAC keys should be stored server-side only. The browser code is for demonstration and testing.
  • Forgetting that hashing is not encryption — hashed data cannot be recovered. This is intentional for password storage but incorrect for data that needs to be decrypted.

verification

  1. Copy the generated SHA-256 code and run it in your browser console with a known input. Verify the output matches the expected hash.
  2. Test HMAC mode with the key 'key' and message 'message'. Verify the HMAC-SHA256 output matches the known test vector.

FAQ

Questions about Hash and HMAC Generator

Is the hashing done in the browser or sent to a server?

The code this tool generates runs entirely in the browser using the Web Crypto API (crypto.subtle.digest). No data is sent anywhere. The tool provides JavaScript snippets that you can use in your own projects — the actual hashing happens wherever you run that code.

Why does this tool generate code instead of computing the hash directly?

The Web Crypto API (crypto.subtle.digest) is asynchronous — it returns a Promise. This makes it difficult to show results in a simple synchronous form. Instead, the tool generates copy-paste JavaScript that handles the async flow correctly, which is more useful for developers who need to integrate hashing into their own code.

Can I use this for production password hashing?

No. For production password storage, you should use a dedicated password hashing algorithm like bcrypt, scrypt, or Argon2 — not plain SHA-256. These algorithms include built-in salting and are designed to be slow (computationally expensive) to resist brute-force attacks. SHA-256 is too fast for password hashing.

Related tools

More html tools

Html

ARIA Live Region Generator

Generate accessible ARIA live region HTML snippets with role, aria-live, aria-atomic, and aria-relevant attributes. Includes optional JavaScript update function.

Open tool

Html

CSP Hash Generator

Generate CSP hash values for inline scripts and styles. Hash exact code content with SHA-256, SHA-384, or SHA-512 and get the matching CSP directive snippet.

Open tool

Also try

Also try

Seo

AI Crawler robots.txt Builder

Build a robots.txt policy for AI crawlers. Choose from open, selective, or strict presets and block specific AI training bots while allowing search engines.

Open tool