Converter · SOTA SubtleCrypto + HMAC

Hash Generator (SHA-256, SHA-512, HMAC)

Generate SHA-256, SHA-384, SHA-512, SHA-1, MD5 and HMAC hashes with the Web Crypto SubtleCrypto API. Streaming file support, hex/base64 output, compare mode.

Mode: Text File Compare two

Text input

Algorithm

Output format

HMAC mode (RFC 2104)

Digest

How to Use Hash Generator in 3 Steps

Configure. Paste text or drop a file. The tool auto-detects input type (text or binary) and shows live progress for large files.
Process. Select algorithm (SHA-256 recommended, SHA-384/512 for long-term security, SHA-3 family, or legacy MD5/SHA-1) and optional HMAC mode with a shared key.
Export. Copy the digest in hex, base64, or base64url format. Compare mode lets you match two hashes for file verification.

Why Hash Generator on Pixlane

Cryptographic hashing is used for integrity verification, password storage schemes, file signatures, content-addressable storage, and session tokens. Pixlane uses the native Web Crypto SubtleCrypto API — the browser's FIPS-validated cryptographic primitives, identical to those used by banking and enterprise TLS.

SubtleCrypto Native — Uses window.crypto.subtle.digest() — the FIPS-validated browser cryptographic primitive. No JS implementations that can be tampered with.
HMAC Support — HMAC-SHA256 and HMAC-SHA512 via crypto.subtle.sign() — RFC 2104 compliant, used for JWT signing and API authentication.
Large File Streaming — Files hash via Blob.stream() — handles 1GB+ files without loading them into memory. Most competitors crash or silently truncate.
Multiple Formats — Output in hex (most common), base64 (shorter), or base64url (JWT-compatible, no padding). One-click switch.

Frequently Asked Questions

Which hash algorithm should I use?

SHA-256 is the modern default — used by TLS, Bitcoin, and most APIs. SHA-384/512 for long-term security or large documents. SHA-1 and MD5 are cryptographically broken; use them only for non-security purposes like checksums of known-good files.

What is HMAC and when do I need it?

HMAC (Hash-based Message Authentication Code) combines a hash with a secret key — it verifies both integrity AND authenticity. Use it when you need to prove a message came from someone with the shared key (e.g., webhook signing, JWT, API signatures).

Are my files sent to a server?

No. All hashing happens locally via the Web Crypto API. Your files and text — including sensitive data — never leave your device.

How large a file can I hash?

Files stream via Blob.arrayBuffer() in chunks, so file size is limited only by disk I/O and browser memory for the chunk buffer. 1GB+ files work without issue on modern browsers.