JWT Verifier
Decode and verify JSON Web Token signatures in real time. Paste your token, enter your secret or public key, and instantly see whether the signature is valid — plus decoded claims and expiry status. Your tokens never leave your device.
JWT Verifier
HS256 · HS384 · HS512 · RS256 · RS384 · RS512 · ES256 · ES384 · ES512JWT Token
Secret / Public Key
Paste a JWT to decode and verify
Supports HS256, RS256, ES256 and variants
Frequently Asked Questions
- Is JWT Verifier free to use?
- Yes, 100% free. No account required, no limits, no hidden fees.
- Is it safe to paste my JWT here?
- All decoding and verification runs entirely in your browser using the built-in Web Crypto API. Your token and keys are never sent to any server. That said, treat production tokens with care and rotate them after testing.
- Which JWT algorithms are supported for verification?
- The verifier supports HMAC algorithms (HS256, HS384, HS512) using a shared secret key, RSA algorithms (RS256, RS384, RS512) using an RSA public key in PEM format, and ECDSA algorithms (ES256, ES384, ES512) using an EC public key in PEM format.
- How is this different from a JWT decoder?
- A decoder only base64url-decodes the three JWT parts to show the header and payload. A verifier goes further — it cryptographically checks the signature against your key to confirm the token has not been tampered with and was signed by the expected party.
- What PEM format should I use for RSA or EC keys?
- Paste the full public key in SPKI PEM format — the block that starts with '-----BEGIN PUBLIC KEY-----'. This is the standard format produced by OpenSSL and most JWT libraries. Do not paste private keys.
- Does it work on mobile?
- Yes, the tool works on all modern browsers including mobile Safari and Chrome on iOS and Android.