JWT generator & signer
Build and sign JSON Web Tokens with HMAC (HS256/HS384/HS512) using Web Crypto. For decode-only inspection use the JWT decoder. Secrets never leave the browser.
~~~
Warnings: HS256 secrets must be long and random (32+ bytes). Never put secrets or PII in the payload — it is only base64, not encrypted. RS256/ES256 need key pairs; use a proper library for asymmetric signing.
Signed JWT
Header
Payload
~~~
About this tool
Signs JWTs with HMAC via crypto.subtle — same algorithms browsers support for symmetric keys. Verification re-signs and compares. Production apps should use established libraries and never log secrets.
~~~