HMAC-SHA1 Generator

Generate an HMAC-SHA1 code to sign webhook payloads, AWS-style requests, or legacy API authentication schemes.

What is HMAC-SHA1 Generator

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash with a secret key to verify both the integrity and authenticity of a message.

HMAC-SHA1 Generator returns an RFC 2104 HMAC-SHA1 signature of a message using a shared secret key, in hexadecimal form.

Although HMAC-SHA256 is preferred today, HMAC-SHA1 still drives OAuth 1.0, many webhook providers, legacy AWS signing, and assorted enterprise APIs, so a quick reference tool is valuable.

Why use it

  • Reproduce OAuth 1.0 signatures during API debugging.
  • Verify webhook signatures from GitHub, Bitbucket, and other providers that still support HMAC-SHA1.
  • Sign request payloads for legacy AWS authentication scenarios.
  • Generate reference vectors when porting HMAC-SHA1 code between languages.
  • Avoid firing up OpenSSL for a one-off signature check.

Features

  • 40-character HMAC-SHA1 hex output
  • Matches OpenSSL `dgst -sha1 -hmac`
  • Handy for OAuth 1.0 and webhook debugging
  • No upload — signing happens locally
  • Instant recompute as you edit key or message

How to use HMAC-SHA1 Generator

  1. Paste the message. Drop the exact canonical request string into the input panel.
  2. Enter the shared secret. Paste the secret in the Secret field — make sure it matches your peer's key exactly.
  3. Copy the hex signature. Use the copy button to paste the HMAC-SHA1 hex digest into your Authorization header.

Example (before/after)

Message + key

message: webhook-signature
key: sha1-webhook-key

HMAC-SHA1 hex digest

d8d02d8f7f7e4b9f7fba94f2b6a7c1abde5e7a5e

Common errors

Using the wrong signing string

Many APIs build a canonical string to sign. Passing the raw body without canonicalization produces a different signature.

Fix: Follow the API's canonical request specification exactly.

Wrong encoding in output format

Some services expect base64 instead of hex.

Fix: Convert hex to base64 with a dedicated tool if your peer expects that format.

Secret key mismatch

Extra whitespace or wrong encoding in the key changes the signature.

Fix: Confirm the key is exactly the shared secret, with no trailing newline.
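The output-format and key-mismatch errors above, reproduced with Node's `crypto` module as an added example (not this tool's own code). The key and message are RFC 2202 test case 2, and the function names `signHmacSha1`, `verifyHmacSha1` and `demo` are illustrative.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Sign a message. Encoding is 'hex' (40 characters) or 'base64' (28 characters).
function signHmacSha1(key, message, encoding = 'hex') {
  return createHmac('sha1', key).update(message).digest(encoding);
}

// Verify a received signature by comparing decoded bytes in constant time.
function verifyHmacSha1(key, message, received, encoding = 'hex') {
  const expected = createHmac('sha1', key).update(message).digest();
  const given = Buffer.from(received, encoding);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// RFC 2202 test case 2: a published vector, not a value from this page.
const KEY = 'Jefe';
const MSG = 'what do ya want for nothing?';

function demo() {
  const hex = signHmacSha1(KEY, MSG);
  const b64 = signHmacSha1(KEY, MSG, 'base64');
  return {
    hex,
    b64,
    // Correct hex-to-base64 conversion goes through the 20 raw bytes.
    viaBytes: Buffer.from(hex, 'hex').toString('base64') === b64,
    // Encoding the hex *text* yields a different, 56-character string.
    viaText: Buffer.from(hex, 'utf8').toString('base64') === b64,
    // A secret read from a file often carries a trailing newline.
    newlineKey: signHmacSha1(KEY + '\n', MSG) === hex,
    upperHexOk: verifyHmacSha1(KEY, MSG, hex.toUpperCase()),
    base64Ok: verifyHmacSha1(KEY, MSG, b64, 'base64'),
    tamperedOk: verifyHmacSha1(KEY, MSG + ' ', hex),
  };
}

console.log(demo());
```

Comparing decoded bytes rather than strings means an upper-case hex signature from a peer still verifies, while any change to the key or message does not.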

FAQ

Is HMAC-SHA1 still safe?

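It is still considered acceptable for message authentication: the security of HMAC rests on the secret key, and the known collision attacks on SHA-1 do not carry over to HMAC-SHA1. New systems should nevertheless use HMAC-SHA256.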

What output length does it produce?

160 bits (40 hex characters).

Can I get base64 output?

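Yes, convert the hex result to base64 using a text-to-base64 tool, provided it decodes the hex into the 20 raw bytes first. Base64-encoding the 40 hex characters as plain text gives a different string from the one your peer expects.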

Why is my signature different from the server's?

Most commonly the canonical string, headers, or encoding differ. Check that each one matches the server's exactly.

Does this tool match Node's crypto module?

Yes. `crypto.createHmac('sha1', key).update(msg).digest('hex')` produces the same output.

Is my key sent anywhere?

No. HMAC is computed in the browser.