JWT Decoder / Encoder

About this tool

Decode JWT (JSON Web Token) headers and payloads from Base64URL to inspect them, and verify HS/RS/PS/ES/EdDSA signatures. Edit the JSON and generate new tokens end-to-end. All processing takes place entirely in your browser; no data is transmitted.

Decode a token

Press Ctrl+Enter / ⏎ to decode instantly.

Paste a JWT and press Decode.

Signature verification

Verify the JWS signature and check key claims (exp / nbf / iat / iss / sub / aud).


For hexadecimal input, start with 0x or use space-separated bytes.

Encode / Sign

Edit the JSON to generate a new JWS/JWT.

Handle private keys carefully (nothing you paste is stored).

How to use

1. Paste a JWT and click Decode to view the formatted header, payload, and signature.
2. Provide the appropriate public key or shared secret and click Verify signature; review exp/nbf/iat/iss/sub/aud as needed, and switch keys for different kid values manually.
3. Edit the header and payload, choose an algorithm and key, then click Generate token. Use “Load into decoder” for immediate self-verification.

Additional notes

• Supported algorithms: HS256/384/512, RS256/384/512, PS256/384/512 (PSS saltLength equals hash length), ES256/384/512 (auto DER ⇔ raw conversion), and EdDSA (Ed25519).
• Base64URL replaces + with -, / with _, and omits trailing =; the decoder ignores extra whitespace.
• The UI warns when SubtleCrypto lacks algorithm support. EdDSA is available only in browsers that implement it.
• exp/nbf/iat are compared in UNIX seconds; aud matches succeed when at least one expected value appears.
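
The Base64URL and claim rules in the notes above, as an added JavaScript example (not the tool's own code). The option names `now`, `skew`, `iss` and `aud` are hypothetical, the sample token is constructed, and nothing here verifies the signature, which must pass before any claim is trusted.

```javascript
// Added example: structural decode and claim checks only. It does NOT verify the signature.
function b64urlDecode(segment) {
  // Drop whitespace, map the URL-safe alphabet back, restore the omitted "=" padding.
  const s = segment.replace(/\s+/g, "").replace(/-/g, "+").replace(/_/g, "/");
  if (s.length % 4 === 1) throw new Error("invalid Base64URL length");
  const bin = atob(s + "=".repeat((4 - (s.length % 4)) % 4));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

function decodeJwt(token) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const json = (p) => JSON.parse(new TextDecoder().decode(b64urlDecode(p)));
  return { header: json(parts[0]), payload: json(parts[1]), signature: b64urlDecode(parts[2]) };
}

// `expected` = { iss, aud: [...], now (UNIX seconds), skew (seconds) }; hypothetical option names.
function checkClaims(payload, expected) {
  const { now, skew = 0 } = expected;
  const problems = [];
  if (typeof payload.exp === "number" && now >= payload.exp + skew) problems.push("exp: token expired");
  if (typeof payload.nbf === "number" && now < payload.nbf - skew) problems.push("nbf: not yet valid");
  if (typeof payload.iat === "number" && payload.iat > now + skew) problems.push("iat: issued in the future");
  if (expected.iss !== undefined && payload.iss !== expected.iss) problems.push("iss: mismatch");
  if (expected.aud !== undefined) {
    // aud may be a string or an array; one overlap with the expected values is enough.
    const aud = [].concat(payload.aud ?? []);
    if (!aud.some((a) => expected.aud.includes(a))) problems.push("aud: no expected audience");
  }
  return problems;
}

// Constructed sample token (the signature bytes are a placeholder, not a real MAC).
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE = [
  enc({ alg: "HS256", typ: "JWT" }),
  enc({ iss: "https://issuer.example", aud: ["api", "admin"], nbf: 1700000000, exp: 1700003600 }),
  "c2ln",
].join(".");
```

`checkClaims` returns an empty array when every supplied expectation holds; a small `skew` absorbs clock drift between issuer and verifier.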

Cautions

• Only paste private keys on trusted devices. Nothing is stored, and inputs can be cleared automatically when you leave the page.
• Use alg=none tokens only when you fully understand the implications and truly need them.
• No network communication occurs, and the tool never fetches external JWKS by kid.

Browser compatibility

Designed for current Chrome, Edge, Firefox, and Safari. iOS Safari may lack EdDSA or other algorithms, limiting signing and verification.