jarvisbox

JWT Decoder & Verifier

Decode JWT tokens and verify signatures in your browser. Inspect header, payload, and claims. Verify HMAC, RSA, and ECDSA signatures. 100% private.

100% client-side · no upload · SubtleCrypto verified

How to use

  1. Paste any JWT token into the input field — the header, payload, and standard claims decode instantly.
  2. Review the color-coded sections: the header shows the algorithm and token type; the payload shows all claims including issuer, subject, and expiry.
  3. To verify the signature, paste your HMAC shared secret or PEM-encoded RSA/ECDSA public key into the verification field and click Verify Signature.

Related use cases

Related developer tools

Frequently Asked Questions

Does my JWT leave my browser?
No. The entire decoding and verification process runs in your browser using the built-in Web Crypto API (SubtleCrypto). Your token, secret, or key is never sent to any server.
Can this tool verify JWT signatures?
Yes. For HMAC tokens (HS256, HS384, HS512) enter your shared secret. For RSA (RS256, RS384, RS512) and ECDSA (ES256, ES384, ES512) tokens paste the PEM-encoded public key. The browser's SubtleCrypto API performs the cryptographic check entirely client-side.
What does the exp claim mean and does the tool check it?
exp is the "expiration time" — a Unix timestamp (seconds since epoch) after which the token must not be accepted. This tool highlights expired tokens in red and shows a human-readable relative time so you can spot stale tokens at a glance.
What algorithms are supported?
Decoding works for any JWT. Signature verification supports HS256, HS384, HS512 (HMAC), RS256, RS384, RS512 (RSA PKCS#1 v1.5), and ES256, ES384, ES512 (ECDSA). The algorithm is read automatically from the JWT header.
Why should I use this instead of jwt.io?
jwt.io sends your token to their servers for decoding. This tool is 100% client-side — nothing ever leaves your device. It is safe to use with production tokens, API keys embedded in JWTs, or tokens containing PII.

Last updated:

Report a problem with this tool