JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. It is digitally signed, so it can be verified and trusted. JWTs are commonly used for authentication and information exchange in web applications.

What algorithms are supported?

This tool supports HMAC-based algorithms: HS256 (HMAC + SHA-256), HS384 (HMAC + SHA-384), and HS512 (HMAC + SHA-512). These are symmetric algorithms where the same secret is used for both signing and verification.

Is the signing done securely?

Yes. The signing uses the Web Crypto API built into your browser, which provides cryptographically secure HMAC operations. Your secret key and token never leave your device.

What are the standard JWT claims?

Standard claims include: 'sub' (subject - who the token is about), 'iss' (issuer), 'aud' (audience), 'exp' (expiration time as Unix timestamp), 'iat' (issued at), 'nbf' (not before), and 'jti' (JWT ID). You can also add any custom claims.

How do I set expiration times?

The 'exp' claim uses Unix timestamps (seconds since epoch). Use the quick buttons (+1h, +1d) to set the expiration relative to the current time. The 'iat' (issued at) claim can be set to the current time using the 'Now' button.

Should I use this for production tokens?

This tool is designed for development and testing. For production, generate tokens server-side with proper key management. Never embed secrets in client-side code. Consider using RS256 (asymmetric) for production to keep the signing key private.

CalcHive

JWT Builder & Signer

New

Build and sign JSON Web Tokens (JWT) with a visual interface. Supports HS256, HS384, HS512 algorithms. Add standard and custom claims, set expiration, and generate signed tokens.

Algorithm

Signing Secret

Payload Claims

Values are auto-parsed: numbers stay as numbers, "true"/"false" become booleans, JSON objects/arrays are parsed. Everything else stays as a string.

Generated JWT token will appear here...

How to Use JWT Builder & Signer

Choose the HMAC algorithm (HS256, HS384, or HS512).
Enter a signing secret key.
Add or modify payload claims (sub, name, exp, custom fields).
Click "Generate JWT" to create and sign the token.
Copy the generated token or inspect the decoded header and payload.

Building JSON Web Tokens

JWTs consist of three parts: a header (algorithm and type), a payload (claims about the user or session), and a signature (created using the header, payload, and a secret key). This tool lets you visually construct all three parts and generates a properly signed token.

This is useful for development and testing: generate test tokens for API development, create tokens with specific claims for testing authorization logic, or learn how JWT signing works. The color-coded output shows each part of the token for easy identification.