KMAC256
Calculate a variable-length KMAC256 message authentication code from text using a secret key and optional customization string. Expand to read more.
What is KMAC256?
KMAC256 is a keyed message authentication code based on cSHAKE256 and standardized in NIST SP 800-185. It supports a general 256-bit security strength and produces the requested tag length from a secret key, message, and optional customization string. It is a native Keccak construction, not HMAC applied to SHA3-256.
How to use this hash calculator
Enter the message and select its byte encoding. Enter the secret Key with the correct encoding, choose an output length, and supply Customization only when required by the protocol. Customization is a public domain-separation label and must match exactly; it is not an authentication tag or extra key.
Result example
For UTF-8 message abc, key key, customization custom, and a 512-bit output, KMAC256 is f366dd5aaeaf403b8c2a9ecfcac666a49089124fb1eccc178eeadf86cba8a09ad2ffdc71e8f8da477cfd83be95b0486152439605bc6df939abb31030aafa2582 in Hex.
Important limitations
KMAC authenticates but does not encrypt the message. Use a securely generated and managed secret key rather than assuming a short password is suitable. Anyone who learns the key can create valid tags. Production verifiers should use a constant-time tag comparison.
Frequently asked questions
Why does my result differ from another tool?
Check message, key, and customization bytes as well as output length and encodings. KMAC256 and KMACXOF256 are different because fixed-length KMAC incorporates the requested output length into the calculation.
Can I use the result to verify data?
Yes, when the verifier independently possesses the same secret key and parameters. For files, use KMAC256 File Hash.