How to Validate JWT Signatures
JWT Validation
What Validation Checks
This tool verifies the cryptographic signature using your HMAC secret or RSA public key, then inspects claims and expiration — all locally in your browser.
HMAC vs RSA
HS256/384/512 tokens require the shared secret. RS256/384/512 tokens require the issuer's public key in PEM format.
Frequently asked questions
Does this check against a remote JWKS endpoint?
No. Paste your secret or public key directly. No network requests are made.
What PEM format is supported for RSA?
Standard SPKI public keys: -----BEGIN PUBLIC KEY----- blocks.