Learn about data security, encryption, hashing and encoding in our knowledge base.


A hash-based message authentication code (HMAC) is a type of message authentication code that uses a hash function in combination with a secret key to create a message digest (a unique representation of the message). It can be used to verify the integrity and authenticity of the message by ensuring that it has not been tampered with or altered in any way during transmission.

HMACs are created by performing the following steps:

  1. A message is input into a hash function along with a secret key.
  2. The hash function produces a message digest (a unique representation of the message).
  3. The message digest is encrypted using the secret key to create the HMAC.
  4. The HMAC is attached to the message and transmitted to the recipient.

To verify the HMAC, the recipient of the message performs the following steps:

  1. The HMAC is decrypted using the same secret key that was used to create it.
  2. A new message digest is created from the received message using the same hash function and secret key.
  3. The new message digest is compared to the decrypted HMAC.

If the message digests match, the HMAC is considered to be valid, and the message is authenticated as having been sent by the sender. If the message digests do not match, the HMAC is considered to be invalid, and the message is considered to have been tampered with or altered during transmission.

HMACs are widely used to secure communication and transactions over the Internet and are a key component of many security protocols. They provide a number of benefits, including:

  • Non-repudiation: HMACs provide evidence that a specific individual or entity created the message, which makes it difficult for the sender to deny having sent the message.

  • Integrity: HMACs help to ensure that the message has not been tampered with or altered in any way.

  • Authentication: HMACs provide a way to verify the identity of the sender of the message.

  • Confidentiality: HMACs can be used in conjunction with encryption to provide both confidentiality and authenticity for the message.