Does anything I type get uploaded?

No. The encoder runs entirely in your browser. Nothing is sent to any server.

Which algorithms can I sign with?

alg=none (no signature), HS256 using a secret, and RS256 using an RSA private key (PEM PKCS#8 or PKCS#1).

Can I generate an RSA key pair?

Yes—use the Generate RSA Key Pair button to create a local pair. You can export the public key to share with verifiers. Keys are not uploaded.

JWT Encoder

Create and sign JSON Web Tokens locally. Private by design—everything runs in your browser.

Header & Payload

Algorithm:

Header JSON:

Tip: "typ": "JWT" will be set automatically if missing.

Payload JSON:

Claim helpers (optional)

Add iat (now) Add nbf (now)

exp in minutes

iss (issuer)

sub (subject)

aud (audience)

jti (token id)

Sign & Output

HMAC Secret (HS256)

JWT Output

Tip: Press Ctrl/Cmd + Enter to create a JWT. You can also drop a .json file into the payload box.

About this tool

This encoder assembles a JWT by JSON-encoding your header and payload, Base64URL-encoding both, and signing the byte string header.payload (when applicable) using the Web Crypto API.

Signing support

none: no signature (use with caution).
HS256: HMAC SHA-256 with a secret string.
RS256: RSA PKCS#1 v1.5 with SHA-256 using a PEM private key (PKCS#8 or PKCS#1).

Privacy

Everything runs locally in your browser—no uploads. For highly sensitive secrets or keys, consider using the offline bundle or a dedicated local environment.

JWT Encoder

Header & Payload

Claim helpers (optional)

Sign & Output

About this tool

Signing support

Privacy

Explore more tools