Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The Keyed-Hash Message Authentication Code (HMAC)

Published

Author(s)

Quynh H. Dang

Abstract

This Standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key. [Supersedes FIPS 198 (March 2002): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=901425]
Citation
Federal Inf. Process. Stds. (NIST FIPS) - 198-1
Report Number
198-1

Keywords

computer security, cryptography, HMAC, MAC, message authentication, Federal Information Processing Standards (FIPS)

Citation

Dang, Q. (2008), The Keyed-Hash Message Authentication Code (HMAC), Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.FIPS.198-1 (Accessed March 29, 2024)
Created July 16, 2008, Updated November 10, 2018