Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

The Keyed-Hash Message Authentication Code (HMAC)



Elaine B. Barker, Quynh H. Dang


[Superseded by FIPS 198-1(July 2008):] This standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. The HMAC specification in this standard is a generalization of Internet RFC 2104, HMAC, Keyed-Hashing for Message Authentication, and ANSI X9.71, Keyed Hash Message Authentication Code.
Federal Inf. Process. Stds. (NIST FIPS) - 198
Report Number


computer security, cryptography, HMAC, MAC, message authentication, Federal Information Processing Standard (FIPS)
Created March 6, 2002, Updated February 19, 2017