The Keyed-Hash Message Authentication Code (HMAC)

National Institute of Standards and Technology

doi:https://doi.org/10.6028/NIST.FIPS.198-1

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

FIPS 198-1

The Keyed-Hash Message Authentication Code (HMAC)

Documentation Topics

Date Published: July 2008

Supersedes: FIPS 198 (03/06/2002)

Planning Note (11/04/2022):

This publication was reviewed by the Crypto Publication Review Board. It will be converted to a new NIST Special Publication, NIST SP 800-224.

FIPS 198-1 will be withdrawn when NIST SP 800-224 is published.

See the announcement of this decision for more details, including ways to monitor the development of NIST SP 800-224.

Author(s)

National Institute of Standards and Technology

Abstract

This Standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key.

Keywords

MAC; message authentication; Federal Information Processing Standards (FIPS); computer security; HMAC; cryptography

Control Families

Audit and Accountability; System and Communications Protection; System and Information Integrity

Documentation

Publication:
https://doi.org/10.6028/NIST.FIPS.198-1
Download URL

Supplemental Material:
None available

Document History:
07/16/08: FIPS 198-1 (Final)

Topics

Security and Privacy

message authentication

Laws and Regulations

Federal Information Security Modernization Act