U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

The Keyed-Hash Message Authentication Code (HMAC)

Published

Author(s)

National Institute of Standards and Technology (NIST), Quynh Dang

Abstract

This Standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key. [Supersedes FIPS 198 (March 2002): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=901425]
Citation
Federal Inf. Process. Stds. (NIST FIPS) - 198-1
Report Number
198-1
NIST Pub Series
Federal Inf. Process. Stds. (NIST FIPS)
Pub Type
NIST Pubs
Supercedes Publication
The Keyed-Hash Message Authentication Code (HMAC)

Download Paper

https://doi.org/10.6028/NIST.FIPS.198-1
Local Download

Keywords

computer security, cryptography, HMAC, MAC, message authentication, Federal Information Processing Standards (FIPS)
Information technology and Cybersecurity and privacy

Citation

(NIST), N. and Dang, Q. (2008), The Keyed-Hash Message Authentication Code (HMAC), Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.FIPS.198-1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=901614 (Accessed November 19, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 16, 2008, Updated September 29, 2025
Was this page helpful?