AES-CMAC Generator Verifier
Generate and verify AES-CMAC values for secure message integrity validation.
Loading AES-CMAC Generator/Verifier...
How to Use AES-CMAC Generator/Verifier
Create or validate AES-CMAC tags for signed payloads and message authentication checks.
Choose Input Format and Paste Message
Enter the message in UTF-8, HEX, or Base64 format based on how your application computes CMAC. Keep the format identical to your backend implementation to avoid mismatches. CMAC specification is defined in RFC 4493 and NIST mode guidance is in NIST SP 800-38B.
Example: Known AES-CMAC Test Vector
Key (hex): 2b7e151628aed2a6abf7158809cf4f3c Message (hex): 6bc1bee22e409f96e93d7e117393172a
Set AES Key and Mode
Provide a HEX key that matches AES-128 (16 bytes) or AES-256 (32 bytes). The key must match exactly with the key used by your sender service. For key management practices, review OWASP cryptographic storage guidance and use AES Key & IV Generator for test data.
Verify Against an Expected CMAC
Paste an expected tag in HEX to validate integrity. A match confirms message + key + mode alignment. A mismatch means at least one of these changed: message bytes, key bytes, or input encoding. This is useful for API webhook signature validation and device protocol troubleshooting.
Expected Tag Output
CMAC (hex): 070a16b46b4d4144f79bdd9dd04a287c
Export and Reuse Securely
Copy or download the result for test automation and release validation. Always keep CMAC keys secret and rotate them based on your key lifecycle policy. For related payload processing, combine this with AES HEX/Base64 tools and AES decryption workflows.
Frequently Asked Questions
What is AES-CMAC used for?
AES-CMAC is used to validate message integrity and authenticity in APIs, payment systems, and IoT protocols.
Is CMAC the same as encryption?
No. CMAC generates an authentication tag. It does not encrypt message content.
Why am I getting CMAC mismatch?
Most mismatches come from input encoding differences (UTF-8 vs HEX), wrong key, or extra whitespace bytes.
Can I use AES-256 for CMAC?
Yes. CMAC supports AES-128 and AES-256 keys when key lengths are correct.
Should CMAC key be same as encryption key?
Best practice is to separate keys for encryption and authentication wherever possible.
How do I test interoperability?
Run known test vectors from RFC 4493 and compare output byte-for-byte across your backend and this tool.
Related Tools
AES Encryption
AES encryptor online - Encrypt text, JSON, and files with AES-128 or AES-256. Support for CBC, GCM, and CTR cipher modes. Military-grade encryption with automatic key generation.
AES Decryption
AES decryptor online - Decrypt AES-encrypted data with AES-128 or AES-256. Support for CBC, GCM, and CTR modes. Restore your encrypted files securely.
AES Key & IV Generator
Generate secure AES-128 or AES-256 encryption keys and initialization vectors (IV) in hex or Base64 format.
AES-GCM Encrypt/Decrypt
Encrypt and decrypt data specifically in AES-GCM mode with AES-128 or AES-256 and Base64 ciphertext output.
AES-CBC Encrypt/Decrypt
Encrypt and decrypt data specifically in AES-CBC mode with AES-128 or AES-256 and Base64 ciphertext output.
AES-CTR Encrypt/Decrypt
Encrypt and decrypt data specifically in AES-CTR mode with AES-128 or AES-256 and Base64 ciphertext output.