SHA2-based HMACs FIPS-180-4 [Update April 2020]
Hashed-key Message Authentication Codes (HMACs)
HMAC was devised by Hugo Krawczyk
The HMAC mechanism is described in RFC 2104:
Krawczyk, H., Bellare, M., and R. Canetti,
"HMAC: Keyed-Hashing for Message Authentication",
RFC 2104, February 1997.
A Hash-based Message Authentication Code can be
used to determine if messages sent over insecure
channels have been modified. This works by each
party at boths ends sharing a secret key used to
sign the sent message and to also authenticate
the received message. If the key is compromised
(no longer secret) then the authentication cannot
HMAC is used for message integrity checks between
two parties that share a secret key, and works in
combination with a SHA-2 message digest algorithm.
HMAC is a method for computing a keyed MAC using
a SHA-2 hash function. It uses a key to mix in with
the input data to produce the final message digest.
This class makes very fast open source code
performing all official SHA-2 hash functions
(224-256-384-512-512/224-512/256) available to
any OS on 32-bit x86 with rudimentary mmx.
Since SHA-2 is defined in terms of an arbitrary
number of bits, this HMAC code has been written
to allow the message input to HMAC to have an
arbitrary number of octets and bits.
More information about HMAC can be found at:
Now includes option for Finalize to also return the
message bit length. Latest 2020 update offers improved
performance of the as$embler algorithm and provides all
official digest size additions to the specification.
Update April 2020 supersedes all prior versions.
100% compatible with the SHA-2 specification.
The official publication is available free of charge from: