HMAC

HMAC uses a shared secret with a hash to provide integrity and authenticity.

Updated: 2026-03-05

Definition

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a shared secret key.

It verifies message integrity and authenticity: only someone with the secret key can generate a valid HMAC.

Key points

Integrity + authenticity (shared secret)
Not encryption (does not hide content)
Often used in APIs and token signing components

Common mistakes

Using HMAC when you actually need encryption (confidentiality).
Reusing keys across different purposes without separation.

Related exams

CompTIA Security+ (SY0-701)

Free Security+ SY0-701 mini test. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.