Hashed Message Authentication Code


Hashed Message Authentication Code (HMAC) is a cryptographic technique used to ensure data integrity and authentication in communication between two parties. It involves creating a unique, fixed-length signature or code by applying a hash function to a combination of the original message and a secret key. This generated code is then used to verify the authenticity and integrity of the message during transmission, ensuring that it hasn’t been tampered with or altered.


The phonetics of the keyword: “Hashed Message Authentication Code” are:/ˈhæʃt ˈmɛsɪdʒ ɔːˌθɛntɪkˈeɪʃən koʊd/Or, in the International Phonetic Alphabet (IPA):H – hæʃtM – mɛsɪdʒA – ɔːˌθɛntɪkC – eɪʃən- kode

Key Takeaways

  1. Hashed Message Authentication Code (HMAC) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key, providing data integrity and authenticity between two parties.
  2. HMAC is resistant to length-extension attacks, unlike regular hash functions, making it more secure for verifying the integrity of a message and ensuring it has not been tampered with during transmission.
  3. HMAC is widely adopted and supported in various cryptographic libraries and protocols (such as SSL/TLS), thus making it a popular choice for ensuring secure communication in numerous applications.


The term Hashed Message Authentication Code (HMAC) holds significant importance in the realm of technology because it serves as a powerful cryptographic tool designed to provide data integrity and authenticity between communicating entities.

It works by employing a secret cryptographic key in conjunction with a cryptographic hash function to generate unique codes or signatures, allowing secure verification of message integrity and confirmation that the message has not been tampered with during transmission.

The reliance of HMAC on a secret key ensures that only authorized parties with knowledge of the key can generate valid signatures, deterring potential unauthorized alteration or forgery.

As a result, HMAC is vital for securing sensitive data, protecting privacy, and maintaining trust in electronic communications.


Hashed Message Authentication Code (HMAC) plays a vital role in maintaining the security and integrity of data exchanged between two entities in the technological realm. Its primary purpose is to ensure that data transmitted through the internet has not been altered or tampered with, thereby providing a layer of security in communication systems.

HMAC is a popular cryptographic technique utilized in various authentication protocols such as Internet Protocol Security (IPsec), Secure Sockets Layer (SSL), and Transport Layer Security (TLS). These protocols ensure that the received message is authentic, remains confidential, and is sent by the source it purports to come from, offering users confidence in the legitimacy of the information being exchanged. In practice, HMAC involves the use of a secret key for generating a unique fixed-size value known as the ‘digest’ or ‘hash’ that is then encrypted with the data being sent.

The recipient decrypts the data using the same secret key, enabling them to verify its authenticity and integrity. If any unauthorized alterations or tampering were to occur while the data was in transit, the calculated hash on the receiving end would not match the original one, thus giving an indication that the information may have been compromised.

This process of generating, encrypting, and verifying the hash is instrumental in protecting sensitive data and ensuring secure communication between parties in various applications such as digital signatures, payment systems, and web-based services.

Examples of Hashed Message Authentication Code

Hashed Message Authentication Code (HMAC) is a cryptographic method used to verify the data integrity and authentication of a message. It combines a shared secret key with a standard cryptographic hash function to produce a unique message signature. Here are three real world examples of HMAC technology at work:

Secure File Transfer: Hash-based Message Authentication Codes (HMAC) are often employed in secure file transfer protocols like SCP (Secure Copy) and SFTP (SSH File Transfer Protocol) to ensure message authentication. When transferring a file, HMAC ensures that both the sender and the receiver can verify the integrity and authenticity of the file and any additional communication that takes place during the transfer process.

JSON Web Tokens (JWT): JWT is a commonly used token format that provides a compact and self-contained means for securely transmitting information between parties as a JSON object. HMAC can be applied as a signature algorithm in the JWT protocol, ensuring that the token has not been tampered with. This plays an important role in secure web applications, where JWTs are used for user authentication and authorization.

TLS/SSL Protocols: Transport Layer Security (TLS), and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communication over a computer network, like when browsing the internet. HMACs are an integral part of both TLS and SSL, as they authenticate the encrypted data packages that are exchanged between a client and server. By using HMAC, these protocols help guard against attackers attempting to intercept and manipulate data during transmission.

FAQ: Hashed Message Authentication Code

What is a Hashed Message Authentication Code (HMAC)?

A Hashed Message Authentication Code (HMAC) is a cryptographic algorithm that uses a hash function in combination with a secret key to securely authenticate messages between two parties. HMAC ensures both data integrity and data origin authentication, providing a way to verify the authenticity and integrity of a message.

How does an HMAC work?

To create an HMAC, a sender inputs a shared secret key and a message into the HMAC algorithm. The algorithm then produces a fixed-length hash code which is attached to the message. The receiver, who has the same shared secret key, applies the same HMAC algorithm to the incoming message and compares the resulting hash code with the hash code attached to the message. If the codes match, it indicates the message is authentic and hasn’t been tampered with during transit.

What are the benefits of using HMAC?

HMAC provides a secure method to authenticate messages and verify their integrity. Some benefits include protection against message tampering, altered or spoofed messages, and man-in-the-middle attacks. HMACs use secret keys, which further enhance security by ensuring only parties with the shared key can authenticate messages.

What hash functions are commonly used with HMAC?

Popular hash functions used in combination with HMAC include MD5 (HMAC-MD5), SHA-1 (HMAC-SHA1), SHA-256 (HMAC-SHA256), and SHA-3 (HMAC-SHA3). The strength and security of the HMAC depend on the chosen hash function and the length of the secret key.

What applications use HMAC?

HMAC is widely used in various applications, including secure communication protocols like SSL/TLS and IPsec, web services such as RESTful APIs, and message authentication in secure instant messaging and email systems. HMAC is also used in payment systems and devices like hardware security modules (HSMs) to secure financial transactions.

Related Technology Terms

  • Keyed Hash Function
  • Cryptographic Hash Function
  • Message Integrity
  • Authenticated Encryption
  • MAC Algorithm

Sources for More Information


About The Authors

The DevX Technology Glossary is reviewed by technology experts and writers from our community. Terms and definitions continue to go under updates to stay relevant and up-to-date. These experts help us maintain the almost 10,000+ technology terms on DevX. Our reviewers have a strong technical background in software development, engineering, and startup businesses. They are experts with real-world experience working in the tech industry and academia.

See our full expert review panel.

These experts include:


About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

More Technology Terms

Technology Glossary

Table of Contents