tools/encode/jwt sign
// encodenew

jwt sign

sign jwt tokens with hs256, rs256 or es256 via webcrypto

  // browser · free
payload
key / secret (HS256 secret)
// signed token appears here

// about this tool

The JWT signer lets you create signed tokens using HS256 (HMAC-SHA-256), RS256 (RSA-SHA-256), or ES256 (ECDSA-P256-SHA-256) — all three algorithms from RFC 7518. Set any header and payload fields, enter your secret or private key, and get a ready-to-use signed token. Everything runs in your browser via the WebCrypto API; no keys or tokens leave your tab.

// when to use

  • Create test tokens to feed into a protected API endpoint during development
  • Generate a signed token with a specific expiry or custom claim to test your JWT validation logic
  • Understand how signing works by tweaking the payload and watching the signature change
  • Sign tokens with RS256 or ES256 using a locally generated key pair

// faq

Which algorithms are supported?
HS256 (HMAC-SHA-256) with a shared secret, RS256 (RSA-PKCS1v1.5-SHA-256) with a PEM private key, and ES256 (ECDSA-P256-SHA-256) with a PEM EC private key. These cover the vast majority of real-world JWT deployments.
Is my key sent to your server?
No. Signing uses the WebCrypto API built into your browser. Your secret or private key never leaves the tab.
// history
Pro Cloud Sync — upgrade
no operations yet