JWT token decoder tool icon
Crypto & security tools

JWT token decoder

Free online JWT token decoder: decode header/payload, inspect signature segment format and common claims, all locally in your browser.

JWT input
Note: this tool only decodes and shows header/payload. It does not verify signatures and never asks for secrets.
Structure info
Algorithm: -
Type: -
Expires (exp): -
Not before (nbf): -
Issued at (iat): -
Hint: exp/nbf/iat in JWT payload are typically Unix timestamps in seconds; this tool converts them into your local time.
Header
Payload
Signature

How to Use

1. Input Token: Paste your JWT string into the "JWT input" box on the left. 2. Auto Decode: The tool automatically parses the Header, Payload, and Signature segments. 3. View Details: The right side shows the decoded JSON for Header and Payload, along with structure info (algorithm, expiration, etc.). 4. Copy Result: Click the "Copy" button on each section to extract the content.

Tips & FAQ

Local & Secure All decoding is done locally in your browser. Your token is never uploaded to any server.

Timestamp Conversion The tool automatically converts Unix timestamps in the Payload (like `exp`, `nbf`, `iat`) into your local readable time format.

Signature Verification This tool is for decoding and display only. It does not verify signatures (as that would require your secret key, which we recommend against entering online).

File Encryption

File Encryption

Encrypt or decrypt files locally with AES-256-GCM and download either the JSON payload or the restored file, all in the browser.

PEM/JWK Converter

PEM/JWK Converter

Convert PEM/DER/JWK/JWKS locally, export JWK/JWKS and PEM/DER, and inspect key details.

ZIP Encryptor

ZIP Encryptor

Free online ZIP Encryptor. Pack files into ZIP and encrypt with AES-256-GCM locally.

AES-256

AES-256

Lightweight, privacy-first online tools that run entirely in your browser. AES encryption and word counter are available now, more utilities coming soon.

RSA key generator

RSA key generator

Generate RSA-OAEP key pairs locally in your browser and export PEM public/private keys for testing and development.

Salt generator

Salt generator

Generate cryptographically secure random salt values locally in your browser with configurable length and Hex/Base64/Base64URL output formats, ideal for password hashing and token signing.

Password strength checker

Password strength checker

Evaluate password length, character types, diversity and common patterns, and combine this with database breach checks via k-anonymity so only hash prefixes are sent and your plain password stays on your device.

API key generator

API key generator

Securely generate various types of API keys with custom formats and batch generation, all locally in your browser.

Random number generator

Random number generator

Configure minimum/maximum range, count, uniqueness and output format to generate random integers using crypto.getRandomValues locally in your browser for draws, test data and simulations.

JWT generator

JWT generator

Edit JWT header and payload, choose HS256/HS384/HS512 or none, and generate signed tokens locally in your browser via Web Crypto without uploading secrets, ideal for API auth testing.

HMAC generator

HMAC generator

Generate HMAC values locally in your browser using SHA-1 / SHA-256 / SHA-512 with text or hex keys, and view Hex and Base64 outputs without uploading any data.

Hash generator and checker

Hash generator and checker

Compute MD5 / SHA-1 / SHA-256 / SHA-512 hashes for text or files locally in your browser and optionally compare them with an expected value.

Base64 encoder / decoder

Base64 encoder / decoder

Encode or decode UTF-8 text to and from Base64, including URL-safe mode, with all processing done locally in your browser.

CSR generator

CSR generator

Generate Apple Developer certificate CSRs and RSA key pairs locally in your browser.

DES

DES

Legacy-compatible DES encrypt/decrypt tool with CBC/ECB modes and local-only processing.

Password Hash

Password Hash

Generate or verify bcrypt/argon2id password hashes locally in your browser with no uploads.