JWT Verifier
Verify a JWT signature and show the verified claims. Paste your data, then click to dissect it. Everything runs on your device, nothing is sent to a server.
Everything runs in your browser. Your data is never sent to our servers.
Example
Example Input
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM…
Example Output
✓ VALID + payload
How to Use
- 1Paste your data (PEM/Base64/token) into the Input field.
- 2Click the button (or press Ctrl+Enter) to dissect it.
- 3Read the decoded result in the Output field.
About JWT Verifier
JWT Verifier checks whether a token signature is genuinely valid for the secret/key you provide — an essential step before trusting the claims inside it.
Unlike Decode (which only shows contents), this tool runs the cryptographic verification. For HS256 fill the secret; for RS256/ES256 paste a PEM public key. If valid, the payload is shown; if not, it is marked INVALID.
Verification also checks time claims like exp (expiry). Always verify tokens on the trusting side — never trust an unverified payload.
FAQ
Are my data or keys sent to a server?
No. JWT Verifier runs entirely in your browser using the Web Crypto API and client-side libraries. Your data, passwords, and keys never leave your device.