Why do I paste a private key, not a public one?

The **private key signs**, the **public key verifies**. If someone gets your private key, they can **impersonate you**. You publish the public key everywhere (a public /.well-known/jwks.json endpoint). That is the fundamental asymmetry of public-key crypto.

What does "alg: none" in the header mean?

**An antipattern, never use it**. "alg: none" means an unsigned JWT, anyone can forge it. Some libraries from 2015 to 2018 incorrectly accepted it (a famous CVE), modern libraries (jose, jsonwebtoken) reject it. This tool rejects it too.

What are the exp, iat, nbf claims?

**Standard claims** (registered in RFC 7519): **iat** (issued at), **exp** (expires at), **nbf** (not valid before). Verify checks them automatically. Without exp, a token **never expires**, dangerous.

Does my secret or key go to your server?

**No**. Everything happens in your browser (the jose library, the de-facto Node.js standard). Open **DevTools → Network**, you will see zero requests during signing. Our server only delivers static HTML/JS/CSS.

PS256 vs RS256, what is the difference?

Both use RSA, but **PS256 (RSA-PSS) is the safer variant**. RS256 uses the legacy deterministic scheme (PKCS#1 v1.5), PS256 uses a probabilistic one (with a random salt). RFC 7518 recommends PS for new apps, but RS256 still dominates by sheer compatibility.

Is ES256 better than RS256?

**Yes, for new applications**. ES256 (ECDSA P-256) uses 256-bit keys (vs RSA-2048), produces shorter tokens, signs faster. Auth0, Apple Sign In, AWS IAM all use ES256. Caveat: **deterministic ECDSA needs a good RNG**, historic implementation bugs have been disastrous (the PlayStation 3 hack). The jose library implements it correctly.

How long should an HMAC secret be?

For HS256: **at least 256 bits (32 bytes)**. For HS512: at least 512 bits. Too short and brute force becomes feasible. Do not type "secret123", grab a random string from the [password generator](/en/password-generator) (32+ characters).

Can I use JWT for browser sessions?

You can, but **not recommended**. JWTs in localStorage are vulnerable to XSS. **Better: server sessions + httpOnly cookies**. Keep JWT for API-to-API, microservices, mobile, SSO. See "Why JWT Sucks as a Session Token" (an Auth0 article, which is funny because they literally sell JWT).

Why three SHA sizes (256/384/512)?

**Different hash output sizes**. SHA-256 = 256-bit hash (fastest, most common), SHA-384 and SHA-512 = bigger (stronger, but longer tokens). **In practice:** HS256/RS256/ES256 are standard. Use 384 or 512 only when a regulation demands it (FIPS, certain industries).

YourDevToolsPro

JWT Signer / Verifier

Sign a JWT with a secret or private key. Verify an existing token. HS/RS/ES/PS 256/384/512.

LiveRuns in your browser

JWT: sign and verify

Sign a new JWT or verify an existing one. Every algorithm (HS/RS/ES/PS), full control over header and payload. Runs entirely in your browser.

Algorithm

HMAC with a shared secret. Simplest, most common. Secret must be at least 32 characters.

Header (JSON)

Payload (JSON)

Add exp:

Secret (HMAC)

Your secret and private key never leave your browser.

What does it mean to "sign a JWT" and why does it matter?

A JWT has three parts: header, payload, signature. The first two are plain base64 (anyone can read them), the third is a cryptographic signature that proves no one tampered with the data along the way.

Here you sign a JWT or verify an existing signature. We support every standard algorithm: HS256/384/512 (symmetric, secret-based), RS256/384/512 (RSA), ES256/384/512 (ECDSA), PS256/384/512 (RSA-PSS).

Everything runs locally. Your secret or private key never leaves your browser. This is a different tool from the JWT Decoder (which only decodes, no signing).

How to use

Sign mode: header JSON on the left, payload JSON on the right. Pick an algorithm from the first row of pills.
HMAC (HS256/384/512): provide a shared secret (string), the same secret is used to verify later. Simplest setup, most APIs use HS256.
Asymmetric (RS/ES/PS): paste a PEM private key (PKCS#8). You give the public key to consumers of the token. Safer because the token issuer does not know the consumer secrets.
exp helper: adds an "expires in 1h/1d/30d" claim to the payload. A JWT without exp is dangerous (never expires).
Verify mode: paste a JWT and the key/secret. Green check = all good. Red X = invalid signature, expired token, or another issue.

When to use it

Five common situations where you sign or verify a JWT:

Creating a user session in your API. After login, generate a JWT with user_id, role, exp, sign with HS256 + secret.
API key for a partner integration. Issue a long-lived JWT (exp = +1 year), the partner attaches it to every request.
Password reset. Send an email with a link containing a JWT (exp = +1h, payload = user_id), user clicks, you verify.
Webhook signatures. Your API signs the webhook payload, the partner verifies with a public key before trusting.
Single Sign-On (SSO). An identity provider (Auth0, Okta) issues a JWT, every app in the organization verifies it with the public key.

To only decode a JWT (no signing), use the JWT Decoder. To generate a keypair for signing, use the JWT Keypair Generator.

Questions and answers

HS256 for simple cases (one API, one client). Shared secret, smaller tokens, faster verification. RS256 for many consumers or microservices: the server signs with a private key, every microservice verifies with the public key (published as JWKS). Standard in 2025 for API ecosystems.

Related tools

JWT decoder

Paste a JWT, see the decoded header, payload and signature. Readable claims view (iss, sub, exp, iat), expired-token detection, no data sent.

JWT Keypair Generator

Generate a JWT signing keypair: RS256/RS384/RS512, PS256, ES256/ES384/ES512 or EdDSA. PEM + JWK + sample signed JWT. Server-side, never stored.

Full name

Generate an OpenPGP keypair (Ed25519 or RSA) right in your browser. Armored ASCII format, ready to import.

AES Encrypt / Decrypt

Encrypt text with a password (AES-GCM 256). Runs in your browser, nothing leaves the device.

CSR Generator

Generate a CSR (Certificate Signing Request) and matching private key in your browser. RSA, ECDSA, SANs, PEM.