Decode, visualize, and cryptographically verify JSON Web Tokens directly in your browser. No server upload — your tokens stay private. Full support for HS256, RS256, ES256 signature validation with local cryptographic operations.
JSON Web Token (JWT, RFC 7519) is an open standard for securely transmitting information between parties as a compact, URL-safe JSON object. JWTs are digitally signed using a secret (HMAC) or a public/private key pair (RSA or ECDSA). They are widely used in authentication, authorization, and API security (OAuth2, OpenID Connect).
JWT Structure: header.payload.signature
Header – contains metadata like the signing algorithm (alg) and token type (typ).
Payload – contains claims (registered, public, private).
Signature – ensures integrity and authenticity; created by signing the concatenated header and payload with the secret/key.
An unverified JWT can be maliciously crafted. Attackers can alter claims (e.g., elevate privileges, extend expiry) if the signature is not validated. This tool performs full signature validation for HS256 (HMAC-SHA256), RS256 (RSA-SHA256) and ES256 (ECDSA-SHA256) using Web Crypto API, ensuring you can trust the token before accepting its contents.
exp (expiration), aud (audience), and iss (issuer) claims.
| Algorithm | Key type | Verification method (local) | Use case |
|---|---|---|---|
| HS256 | Symmetric secret | HMAC-SHA256 recomputed & compared in constant-time | Single-server / internal microservices |
| RS256 | RSA public key (PEM) | WebCrypto RSASSA-PKCS1-v1_5 with SHA-256 | OAuth2 / OpenID Connect, distributed trust |
| ES256 | ECDSA public key (PEM) | WebCrypto ECDSA with P-256 curve & SHA-256 | Modern, lightweight public key signatures |
? Generate RSA key pair (for RS256) using OpenSSL:
# Generate private key openssl genrsa -out private.pem 2048 # Extract public key openssl rsa -in private.pem -pubout -out public.pem
Paste the contents of public.pem (including -----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----) into the verification key field to test RS256 signatures.
⚡ Generate ECDSA key pair (for ES256):
openssl ecparam -genkey -name prime256v1 -out private_ec.pem openssl ec -in private_ec.pem -pubout -out public_ec.pem
Note: For HS256, simply use any strong random string as the shared secret.
If a server accepts tokens with the alg header set to HS256 but expects an RS256 public key, an attacker can sign the token using the public key (which is often exposed) as if it were an HMAC secret. The server will then verify the token as valid, leading to privilege escalation.
Defense: Always enforce strict algorithm mapping. Reject tokens where the alg does not match the expected key type. Our verification tool rejects HS256 when a public key is provided and flags algorithm mismatches.
The kid (Key ID) header parameter is used to reference a specific key from a set. Attackers can inject kid values like ../../../../etc/passwd or http://evil.com/key.json to force the server to load an arbitrary key file or URL, potentially bypassing signature verification.
Defense: Whitelist allowed kid values, avoid dynamic file reads, and never use user-controlled input to load cryptographic keys. Our inspector displays the kid field if present, allowing you to audit it.
The jku (JSON Web Key Set URL) header tells the server where to fetch the public key. Attackers can point jku to a malicious URL hosting their own key, thereby creating a valid signature for any forged token.
Defense: Strictly whitelist trusted jku endpoints or ignore jku entirely. Prefer pre‑configured keys. Use this debugger to inspect any suspicious jku or kid fields.
kid, jku, or x5u. Always verify signatures with the correct expected key before trusting the token.
kid, jku, or x5u fields. If they point to external URLs or unusual paths, the token might be malicious.