Local JWT decoder, signature verifier, and encoder
Supports 12 standard JWT algorithms (HS256/HS384/HS512, RS256/RS384/RS512, PS256/PS384/PS512, ES256/ES384/ES512) with decode, verify, and encode modes. Everything runs locally in your browser — no data is sent to any server.
Features
12 standard JWT signature algorithms
Decode mode: instantly parse Header and Payload
Verify mode: validate signature with a key
Encode mode: generate Token from custom Header and Payload
Automatic timestamp to date conversion
Fully local browser processing for privacy
How to use
1Select decode, verify, or encode mode
2In decode mode, paste a Token to view its contents
3In verify mode, select an algorithm and provide the key
4In encode mode, customize Header and Payload to generate a Token
5Use quick-action buttons to set timestamps easily
FAQ
What is JWT?
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. The information can be verified and trusted because it is digitally signed.
Is my data uploaded to a server?
No. All JWT decode, verify, and encode operations run locally in your browser. Your tokens and keys never leave your device.
Which JWT algorithms are supported?
12 standard algorithms are supported: HMAC (HS256/HS384/HS512), RSA (RS256/RS384/RS512), RSA-PSS (PS256/PS384/PS512), and ECDSA (ES256/ES384/ES512).
What is the difference between decode and verify?
Decode only parses the Token's Header and Payload without checking the signature. Verify requires a key to confirm that the signature is valid and the Token has not been tampered with.
Why does verification fail?
Common reasons include: incorrect key, algorithm mismatch, token tampering, or incorrect key format (RSA/ECDSA require PEM format).