concept

HMAC

HMAC (Hash-Based Message Authentication Code) is a cryptographic technique that combines a secret key with a message and a hash function to produce a message authentication code, ensuring data integrity and authenticity. It verifies that a message has not been altered in transit and originates from a trusted sender by using a shared secret key. HMAC is widely used in network protocols, APIs, and security systems to protect against tampering and forgery.

Also known as: Hash-Based Message Authentication Code, Keyed-Hash Message Authentication Code, HMAC-SHA256, HMAC-MD5, Message Authentication Code
🧊Why learn HMAC?

Developers should learn HMAC when building secure applications that require message authentication, such as in API authentication (e.g., OAuth, JWT), data transmission (e.g., HTTPS, TLS), or digital signatures. It is essential for scenarios where you need to verify the integrity and origin of data without encryption, such as in webhooks, file integrity checks, or secure communication between services. HMAC provides a lightweight and efficient way to ensure trust in untrusted environments.

Compare HMAC

HMAC vs Digital SignaturesHMAC vs Symmetric EncryptionHMAC vs Mac Algorithms

Learning Resources

📄
RFC 2104 - HMAC: Keyed-Hashing for Message Authentication
docs
📝
HMAC Explained - Khan Academy
tutorial
🎓
Cryptography I - Coursera (includes HMAC)
course
📝
HMAC in Python - Real Python Tutorial
tutorial
📄
HMAC - Wikipedia
docs

Related Tools

CryptographyApi AuthenticationHash FunctionsDigital SignaturesSecurity

Alternatives to HMAC

Digital SignaturesSymmetric EncryptionMac Algorithms