Outcome
A separated view of decoded fields, verification status, weak algorithms, expiry timestamps, and supporting certificate material.
Filtrez rapidement les outils selon la tâche et ouvrez le flux le plus adapté.
Workflow
Inspectez tokens, certificats et clés en séparant décodage et vérification.
Use this path before debugging JWT claims, certificates, JWKs, or hash evidence copied from an auth incident or staging integration.
A separated view of decoded fields, verification status, weak algorithms, expiry timestamps, and supporting certificate material.
These workflow pages do not process, collect, or store tool input. Use the linked tools directly and review their trust badges before handling sensitive data.
Start with the local token decoder to inspect header and payload fields while keeping signature verification as a separate step.
Décodeur JWTReview exp, nbf, iat, and alg values, especially none, MD5-era hashes, and tokens copied from untrusted channels.
Atelier JWTUse the verifier with the expected secret or public key before treating decoded claims as trustworthy.
Vérificateur de signature JWTNormalize JWKs, public keys, and certificate data when the verification key is unclear.
Assistant clé publique JWKDécodez localement les payloads JWT et inspectez les claims.
Encodez, décodez et vérifiez des JWT dans un seul espace de travail local-first.
Vérifiez les signatures JWT (HMAC) et validez les claims — entièrement côté client.
Convertissez localement les clés publiques PEM/SPKI et JWK, inspectez les métadonnées et calculez les empreintes RFC 7638 sans téléverser de matériau de clé.
Décodez les certificats X.509 encodés en PEM et inspectez tous les détails localement.
Générez rapidement des hash MD5, SHA1, SHA256 et SHA512.
Avoid common JWT handling mistakes when reviewing decoded or verified tokens.
Understand certificate chain fields before debugging key and token verification.
Choose hash algorithms deliberately when reviewing evidence or compatibility.
No. Decoding only makes the header and payload readable. Verification requires the expected algorithm and key material.
Inspect certificates when the signing key chain, public key format, or issuer data is part of the verification question.
Share only redacted claims that are necessary for the review. Remove tokens, subject identifiers, emails, and organization-specific secrets.