JPKCom DB

Hash Generator — Manual

Full feature reference for the Hash Generator: text and file hashing, every algorithm, HMAC, hex output, the passphrase generator, and the limits.

Back to the overview: Hash Generator · Open the tool live: www.jpkc.com/tools/hash/

This manual describes the Hash Generator in full: how text and file hashing work, which algorithms exist, what HMAC does, and what limits apply.

Layout of the interface

The tool is split into two areas:

  1. Text hashing (top) — on the left the input (Input with the Message field and the optional HMAC Secret Key), on the right the output (Output) and the Algorithms buttons.
  2. File hashing (File Hash, bottom) — on the left a drop area for a file, on the right the result table File Checksums.

Text hashing

Input and flow

You type or paste your text into the Message field (a multi-line text area, placeholder "Enter text to hash…"). Then you click one of the Algorithms buttons. Important: the hash is computed when you click an algorithm button, not automatically as you type — so you deliberately choose which algorithm to see. The result appears in the Output field as a hexadecimal string.

The Output field is editable (contenteditable), and the Copy button next to it puts the displayed hash on your clipboard. Before your first click it shows the hint "Select an algorithm below…".

The Message field also keeps a local history: after each hash, the message is saved so you can recall earlier inputs.

Output encoding

All text hashes are output as hexadecimal (CryptoJS.enc.Hex) — lowercase, no separators. There is no Base64 or other encoding for the text output. The output length depends on the algorithm (e.g. 32 hex characters for MD5, 64 for SHA-256, 128 for SHA-512).

The algorithms in detail

The buttons are grouped by family. Each plain button produces the raw hash; the HMAC buttons produce the keyed variant (see below).

MD5

  • MD5 — 128-bit hash, 32 hex characters. Very fast but cryptographically broken (collisions are practically achievable). Use only as a non-security checksum.
  • HMAC (HMAC-MD5) — MD5 with a secret key.

SHA-1 / SHA-2

  • SHA-1 — 160-bit, 40 hex characters. Also broken; for compatibility or simple checksums only.
  • 224 (SHA-224) — 56 hex characters.
  • 256 (SHA-256) — 64 hex characters. Today's standard for file integrity.
  • 384 (SHA-384) — 96 hex characters.
  • 512 (SHA-512) — 128 hex characters.
  • Each of these five has its own HMAC button (HMAC-SHA-1, HMAC-SHA-224/256/384/512).

SHA-3

  • 224, 256, 384, 512 (SHA-3 (224/256/384/512)) — the modern Keccak-based family. Unlike SHA-2: only the 512-bit variant has an HMAC button (HMAC-SHA-3); SHA-3 (224/256/384) have no HMAC button.

RIPEMD

  • RIPEMD-160 — 160-bit, 40 hex characters.
  • HMAC (HMAC-RIPEMD-160) — with a secret key.

HMAC — keyed authentication

HMAC stands for Keyed-Hash Message Authentication Code. Unlike a plain hash, HMAC combines the message with a secret key — so you can verify not only that a message is unchanged, but that it came from someone holding the key (authenticity). Typical use: API request signatures and webhook verification.

How to use it:

  1. Enter your key in the HMAC Secret Key field (marked "(optional)" in the tool, with the note "Required for HMAC variants" — i.e. needed for the HMAC buttons).
  2. Click an HMAC button (e.g. HMAC next to SHA-256).
  3. The result is the HMAC of the message under that key, again as hex.

Passphrase generator (key button)

Next to the key field sits a button with a key icon ("Generate secure passphrase"). It fetches a 64-character random passphrase from the server and writes it into the HMAC Secret Key field. The string is generated server-side with a cryptographically secure random generator (random_int) from upper/lowercase letters, digits, and special characters. This is the only server interaction of the tool — the text you hash is never transmitted.

File hashing (File Hash)

The File Hash area computes checksums for an entire file — handy for verifying a download against a published value.

Choosing a file

Drag a file via drag & drop into the drop area ("Drag & drop a file here") or click it to open the file dialog. The name and size are then shown; the X removes the selection again. The maximum is 100 MB — larger files are rejected with an error message.

Hashing

Clicking Hash File reads the file locally as an ArrayBuffer (via the browser's FileReader) and computes eight checksums at once. A progress indicator runs during the computation ("Computing hashes…"). The results appear in the File Checksums table, each with its own copy button.

Computed — in this order — are MD5, SHA-1, SHA-256, SHA-384, SHA-512, SHA-3 (256), SHA-3 (512), RIPEMD-160 (all as hex). Note: file hashing covers a slightly different selection than text hashing — SHA-224, SHA-3 (224), and SHA-3 (384) are not included here, and HMAC is text-only.

The tech behind it

  • SHA-1, SHA-256, SHA-384, SHA-512 run through the browser's native Web Crypto API (crypto.subtle.digest) — fast and asynchronous.
  • MD5, SHA-3 (256), SHA-3 (512), RIPEMD-160 are computed by CryptoJS, because the Web Crypto API doesn't offer these algorithms.

Here too: everything happens locally in the browser. The file is never uploaded.

Operational limits — in brief

  • Privacy: text and files are processed strictly client-side; only the optional passphrase generator contacts the server (and sends none of your content).
  • File limit: max 100 MB per file.
  • Output: always hexadecimal, lowercase.
  • Text computation: button-triggered (one click per algorithm), not live as you type.
  • HMAC: a key in the HMAC Secret Key field is required; not available for every SHA-3 subtype (only SHA-3 (512)).

For the introduction and the audiences, see the overview page. Concrete workflows are in the examples, the security context in the tips & tricks. You can try everything directly in the tool.