JWT Generator
Sign JSON Web Tokens with HS256, HS384, HS512, RS256, RS384, RS512, ES256, or ES384. Live preview, browser-only — your secret never leaves the page.
Algorithm
Header (optional overrides)
alg and typ are set for you. Anything here merges on top.
Payload (claims)
HMAC secret
HMAC uses the raw bytes of this string. For HS256, RFC 2104 recommends a key at least as long as the hash output (32 bytes).
Signed JWT
Fill in the payload and key — token appears here.
Your secret never leaves your browser.
Signing uses the native Web Crypto API. The HMAC secret or PEM private key stays on your device — there is no server side. Safe to paste real keys while debugging or building integrations.
How to use it
- 1Pick a signing algorithm: HS* uses an HMAC secret string; RS* and ES* use a PEM-encoded private key.
- 2Edit the payload JSON with your claims (sub, iss, aud, custom data). Use the iat = now and exp +1h / +24h buttons to add timestamps without doing the math.
- 3For RS / ES algorithms, hit Generate keypair to create a fresh private key in your browser, or paste your own PEM.
- 4The signed JWT updates live as you type. Click Copy token to grab it, or open it in the JWT Decoder to verify.
Common use cases
- Create a test token for an authentication endpoint while building or debugging an API.
- Mint a short-lived JWT to reproduce a bug filed against your auth flow.
- Generate a token with a specific exp claim to test how your service handles expiry.
- Sign a payload with a known key and pass it through your verifier as an integration test.
- Hand a teammate a sample token plus the same key so both sides agree on the algorithm and claim shape.
Frequently asked questions
- Is my secret or private key uploaded anywhere?
- No. Signing uses the native Web Crypto API in your browser. The HMAC secret or PEM private key stays on your device — safe to paste real keys while debugging.
- Which algorithms are supported?
- HS256, HS384, HS512 (HMAC with a shared secret); RS256, RS384, RS512 (RSASSA-PKCS1-v1_5); ES256 and ES384 (ECDSA over P-256 and P-384). Eight total — the JWA-defined algorithms that browsers support natively.
- What key format does it expect for RS / ES?
- PEM-encoded PKCS#8 private keys — the format that begins with `-----BEGIN PRIVATE KEY-----`. Use the Generate keypair button to create one in-browser, or convert from openssl with `openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in your-key.pem`.
- What's the difference between HS and RS?
- HS (HMAC) uses one shared secret — anyone who can verify can also sign. RS / ES (asymmetric) uses a private key to sign and a public key to verify, so you can hand the public key to consumers without giving them the power to mint new tokens. RS / ES are the right choice for anything beyond a closed internal service.
- Can I override fields in the JWT header?
- Yes. Anything in the Header textarea merges on top of the auto-generated alg and typ — useful for adding kid (key id), x5t, or custom header claims your verifier expects.
- Does the token expire?
- Only if you include an exp claim. The exp +1h and exp +24h buttons add one for you. With no exp, the token is valid forever — usually a bad idea outside of testing.
- Can I verify a token here?
- Paste the signed JWT into the JWT Decoder to inspect header and payload. Verification (checking the signature against a key) is a separate flow — most servers do this; manual verification is rare outside of debugging.
Related tools
Base64 Encode / Decode
Encode and decode text and files to and from Base64.
HTML Live Preview
Write HTML, CSS, and JavaScript and see the result instantly.
JSON Formatter
Format, validate, minify, diff, and explore JSON — with optional on-device AI that summarizes any payload in plain English.
JWT Decoder
Inspect the header, payload, and expiry of any JSON Web Token — with optional on-device AI that explains what the token grants in plain English.
SQL Formatter
Beautify, format, and minify SQL queries for any dialect — with optional on-device AI that explains what a query does in plain English.
Unix Timestamp Converter
Convert Unix timestamps to dates and back, in any timezone.
Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes in your browser.
JSON to TypeScript
Generate TypeScript interfaces or type aliases from JSON.
Markdown to PDF
Convert Markdown to a beautifully styled PDF in your browser.
QR Code Generator
Make QR codes for websites, Wi-Fi passwords, contact cards, social handles, email, SMS, and more. Download as PNG or SVG — or as a ZIP with one branded QR per social platform.
Password Generator
Generate strong, secure passwords in your browser. Nothing is sent or saved to any server.
Text Diff
Compare two pieces of text and see line-by-line, word-by-word, or character-by-character what changed.
UUID / ULID Generator
Generate UUID v4, UUID v7, or ULID identifiers in bulk, instantly in your browser.
SVG to PNG / JPEG / WebP
Convert SVG to PNG, JPEG, or WebP at any size — quality slider, transparent or colored background, copy to clipboard. Free, in your browser.
URL Encoder / Decoder
Encode or decode URLs and query parameters with component-vs-full-URI scope, plus a query-string breakdown. Free, in your browser.
Regex Tester
Test JavaScript regular expressions with live highlighting and a capture-group inspector — plus an AI regex generator that turns plain-English descriptions into regex (on-device Gemini Nano).
Color Converter
Convert colors between HEX, RGB, HSL, HSV, and OKLCH, and generate tint, shade, and harmony palettes. Free, in your browser.
HTML ↔ Markdown Converter
Convert HTML to Markdown or Markdown to HTML with a live preview. GFM tables, fenced code blocks, inline formatting. Free, in your browser.
Cron Builder
Build cron expressions visually or describe the schedule in plain English and let on-device AI write it for you. Plain-English explanation, next 5 runs, presets.
YAML ↔ JSON Converter
Bidirectional YAML / JSON conversion with multi-document support and indentation control. Free, in your browser.
Convert CSV to JSON
Bidirectional CSV / TSV / JSON conversion. Custom delimiters, header detection, auto-typed numbers. Free, in your browser.
Word & Character Counter
Live word, character, sentence, and paragraph counts with reading and speaking time. Free, in your browser.
Lorem Ipsum Generator
Generate placeholder text — paragraphs, sentences, words, or HTML-wrapped output. Free, in your browser.
Image Compressor
Compress PNG, JPEG, and WebP images with a live quality slider and side-by-side preview. Free, in your browser.
Favicon Generator
Generate the full favicon set — ICO, PNGs at every size, apple-touch-icon, and PWA manifest — from one image. Free, in your browser.
AI Code Explainer
Paste code, get a plain-English explanation from on-device Gemini Nano — no upload, no API key, no signup.
CSS Gradient Generator
Build linear, radial, and conic CSS gradients visually with color stops, presets, and one-click copy. Free, in your browser.
Box Shadow Generator
Build CSS box-shadows visually with offset, blur, spread, opacity, and inset across stacked layers. Live preview, copy-ready CSS.
Mermaid Live Editor
Render Mermaid diagrams live — flowcharts, sequence, class, state, ER, gantt, pie, and mindmap. Export SVG or PNG.
X.509 Certificate Decoder
Paste a PEM-encoded X.509 certificate — inspect subject, issuer, validity, SANs, key usage, and SHA fingerprints. Free, in your browser.
Australian Medicare Number Generator
Generate and validate Australian Medicare card numbers instantly in your browser. Uses the official check-digit algorithm — perfect for testing and development.
Australian ABN Generator & Validator
Generate and validate Australian Business Numbers (ABN) using the official weighted checksum algorithm. Perfect for testing and development — runs entirely in your browser.
Australian ACN Generator & Validator
Generate and validate Australian Company Numbers (ACN) using the official check-digit algorithm. For testing and development — runs entirely in your browser.
Australian Tax File Number (TFN) Validator
Validate Australian Tax File Numbers (TFN) — checks format and the official check-digit algorithm. No TFN generation to protect against misuse. Runs entirely in your browser.
Australian BSB Number Validator
Validate Australian Bank State Branch (BSB) numbers — checks the 6-digit format and identifies the bank from the first two digits.
New Zealand IRD Number Generator
Generate and validate New Zealand IRD (Inland Revenue Department) numbers for testing and development. Uses the official check-digit algorithm.
New Zealand Business Number (NZBN) Generator
Generate and validate New Zealand Business Numbers (NZBN) — 13-digit GS1 identifiers used by NZ companies. For testing and development.
New Zealand Bank Account Number Validator
Validate New Zealand bank account numbers — checks the BB-BBBB-AAAAAAA-SS format, bank code, and overall structure.
Text Case Converter
Convert text between camelCase, PascalCase, snake_case, kebab-case, SCREAMING_SNAKE, Title Case and more — instantly in your browser.
Number Base Converter
Convert numbers between binary, octal, decimal, and hexadecimal — type in any field and the rest update live.
XML Formatter & Validator
Format, validate, and minify XML documents with custom indentation — uses the browser's native DOMParser, nothing uploaded.
CSS & JS Minifier
Minify CSS and JavaScript online — strip comments, collapse whitespace, and see byte-size savings. Runs entirely in your browser.