Quiz Entry - updated: 2026.07.14
What is HMAC, and how does it differ from a digital signature?
HMAC = a symmetric message authentication code built from a hash function: anyone with the shared key can both produce and verify a tag. A digital signature is asymmetric: only the holder of the private key can sign, but anyone can verify with the public key.
| HMAC | Digital signature | |
|---|---|---|
| Key model | Symmetric — same key signs and verifies | Asymmetric — private signs, public verifies |
| Size of tag | Hash output (32 bytes for HMAC-SHA-256) | Varies (64–256+ bytes for RSA-PSS / ECDSA / Ed25519) |
| Non-repudiation? | No — anyone with the key could have made the tag | Yes — only the private-key holder could have signed |
| Speed | Very fast (one hash + one keyed pass) | Slower (modular arithmetic / EC ops) |
| Common use | TLS record integrity, API request signing, JWT-HS256 | Software-update signatures, certificates, e-voting receipts |
When to use which:
- Two parties with a shared key, integrity-only need → HMAC.
- Need to prove to a third party who created the message → digital signature.
- Large public broadcast (e.g. firmware update for millions of devices) → signature; HMAC would require shipping the key with the firmware, defeating the point.
Tip: A common interview question: "Why doesn't TLS 1.3 use HMAC for record authentication?" Answer: it does, via AEAD (AES-GCM, ChaCha20-Poly1305), which is HMAC-style symmetric authentication baked into the cipher. Separate HMAC step was dropped because AEAD does both jobs in one operation.