JWT Decoder & Encoder
Decode a JSON Web Token, or sign a new one with HS, RS, ES and PS algorithms. Everything runs locally - your tokens and keys never leave your browser.
Decoded locally in your browser. This tool does not verify the signature.
What is a JWT Decoder & Encoder?
A JSON Web Token (JWT) is a compact, URL-safe token made of three Base64URL parts - a header, a payload of
claims, and a signature. Decode reads the header and payload of any token, including timestamp claims
like exp, iat and nbf. Encode signs a brand-new token with the
algorithm of your choice - HMAC (HS256/384/512) using a secret, or RSA, ECDSA and RSA-PSS (RS, ES, PS) using
a private key. All signing happens in your browser with the Web Crypto API, so secrets and keys are never
sent anywhere.
How to use it
- Decode: paste a JWT to read its header, payload and claims.
- Encode: pick an algorithm, enter your payload and secret (HS) or PKCS#8 private key (RS/ES/PS), then click Encode / Sign.
- Copy any part you need. Nothing is uploaded or stored.
