JWT Signer
Sign JSON Web Tokens with HMAC HS256 or HS512 using your own secret. Color-coded output shows the header, payload, and signature. For testing only; never use production secrets. Runs entirely in your browser.
Secure & Private Client-Side
This tool runs entirely in your browser. No data is sent to any server, ensuring your information remains private and secure.
Frequently Asked Questions
Which algorithms are supported?
HMAC-based HS256 and HS512. Asymmetric algorithms like RS256 require a private key and are not supported here.
Is the signature secure?
Only as secure as your secret. Use a long, random secret and never reuse a production secret in a browser tool.
What is the difference between signing and encrypting?
Signing proves authenticity and integrity but does not hide the payload. Anyone who intercepts the token can decode and read the base64url-encoded payload without knowing the secret.
How do I inspect an existing token?
Use the [JWT Decoder](/tools/jwt-decoder/) to safely view the header and payload without verifying the signature.
Is my secret uploaded?
No. Signing happens locally in your browser.
Common Use Cases
- Local Testing: Build a JWT to test protected API endpoints.
- Learning: See how the header, payload, and signature fit together.
- Debugging: Reproduce auth issues by crafting tokens with custom claims.
- Demos: Generate example tokens for documentation and tutorials.
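
How the header, payload, and signature fit together for HS256 and HS512, and why signing does not hide the payload, shown as an added example that is not this tool's own code. It uses Node.js's built-in `crypto` module; the function names, secret, and claims are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// JWS algorithm name -> Node hash name, for the two HMAC variants this page supports.
const HASHES = { HS256: "sha256", HS512: "sha512" };
const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (s) => Buffer.from(s, "base64url");
const hmac = (alg, secret, input) => createHmac(HASHES[alg], secret).update(input).digest();

// Token = base64url(header) "." base64url(payload) "." base64url(HMAC over the first two parts)
function signJwt(payload, secret, alg = "HS256") {
  if (!Object.hasOwn(HASHES, alg)) throw new Error(`unsupported alg: ${alg}`);
  const signingInput = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(alg, secret, signingInput).toString("base64url")}`;
}

// Reading the claims needs no secret: signing does not hide the payload.
function readPayloadUnverified(token) {
  return JSON.parse(fromB64url(token.split(".")[1]).toString("utf8"));
}

// Returns the claims if the signature is valid, otherwise null.
// The verifier pins the algorithm it expects instead of trusting the token header.
function verifyJwt(token, secret, expectedAlg = "HS256") {
  if (!Object.hasOwn(HASHES, expectedAlg)) throw new Error(`unsupported alg: ${expectedAlg}`);
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  try {
    if (JSON.parse(fromB64url(h).toString("utf8"))?.alg !== expectedAlg) return null;
    const expected = hmac(expectedAlg, secret, `${h}.${p}`);
    const given = fromB64url(sig);
    // timingSafeEqual throws on unequal lengths, so compare lengths first.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    return JSON.parse(fromB64url(p).toString("utf8"));
  } catch {
    return null; // header or payload was not valid JSON
  }
}

// Constructed sample values, for testing only.
const SECRET = "constructed-test-secret-not-for-production";
const token = signJwt({ sub: "test-user", role: "viewer" }, SECRET);
// Same header and signature, edited payload: integrity checking must reject this.
const [hdr, , sigPart] = token.split(".");
const edited = [hdr, b64url(JSON.stringify({ sub: "test-user", role: "admin" })), sigPart].join(".");

console.log(token);
console.log("claims readable without the secret:", readPayloadUnverified(token));
console.log("edited token verifies:", verifyJwt(edited, SECRET) !== null);
```

The edited token still decodes cleanly with `readPayloadUnverified`, which is why claims from a token should only be trusted after `verifyJwt` (or an equivalent check) succeeds.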