jarvisbox

RS256 JWT Signature Validator

RS256 uses RSA PKCS#1 v1.5 with SHA-256 for JWT signing. Unlike HMAC, RSA uses asymmetric keys — the issuer signs with a private key and verifiers use the corresponding public key. This is the standard algorithm for OAuth 2.0 and OIDC tokens issued by providers such as Google, Microsoft, Okta, and Auth0.

To verify an RS256 JWT paste the PEM-encoded public key (the certificate or public key from the JWKS endpoint). The tool uses the browser's SubtleCrypto.importKey ("spki") and SubtleCrypto.verify ("RSASSA-PKCS1-v1_5") APIs — zero dependencies, zero network requests.

Also supports RS384 and RS512 — the algorithm is read automatically from the JWT header.

Open JWT Decoder & Verifier →

How to use

  1. Paste your JWT token into the input field on the main tool page.
  2. The header and payload are decoded instantly — review claims, algorithm, and expiry.
  3. To verify the signature, paste your HMAC secret or PEM public key and click Verify Signature.

Related tools

このツールの問題を報告