JWT Verifier (HS256/384/512)

Verify a JWT HMAC signature (HS256/HS384/HS512) with your secret online, computed in your browser.

About this tool

Check whether a JWT's HMAC signature is valid for a given secret, and whether the token has expired. Verification runs locally with Web Crypto, so your secret stays in the browser.

Frequently asked questions

Which algorithms are supported?

The HMAC family — HS256, HS384 and HS512. RS/ES (asymmetric) tokens are not verified here.

It says signatureValid but valid is false — why?

The signature matched but the token is expired (exp in the past). valid combines both signature and expiry.

Related encoding & crypto tools

Base64 Encode / Decode URL Encode / Decode HTML Entity Encode / Decode Hex Encode / Decode Base58 Encode / Decode Base32 Encode / Decode Hash Generator (MD5, SHA-1, SHA-256)HMAC Generator CRC32 Checksum JWT Decoder All tools →