Tiny Online Tools logoTiny Online ToolssearchBuscar ferramentas…grid_viewTodas as ferramentas
Iniciochevron_rightFerramentas de Segurancachevron_rightVerificador de assinatura JWTVerificador de assinatura JWT

Verificador de assinatura JWT

Verifique assinaturas JWT HMAC localmente no navegador.

Ferramentas semelhantes

Decodificador JWT

Decodificador JWT

Decodifique e inspecione tokens JWT.

Gerador de favicon

Gerador de favicon

Gere todos os tamanhos de favicon a partir de qualquer imagem, com trechos de tags HTML prontos para uso.

HTML Entity codificador

HTML Entity codificador

Encode special characters to HTML entities. Choose essential encoding (&<>"'!) or full non-ASCII encoding.

Rotacionar Imagem

Rotacionar Imagem

Gire imagens em ângulos personalizados.

Recortar vídeo

Recortar vídeo

Corte e recorte clipes de vídeo para um horário inicial e final específico no navegador.

Comprimir PDF

Comprimir PDF

Reduza o tamanho de um documento PDF sem enviá-lo para nenhum servidor.

texto caixa conversor

texto caixa conversor

converter texto between camelCase, PascalCase, snake_case, kebab-case, SCREAMING_SNAKE, e 8 more caixa styles simultaneously.

apps

Mais ferramentas

Explore nossa colecao completa de ferramentas online gratuitas.

JWT Signature Verifier

While the JWT Decodificar reveals what inFormataion a token contains, the signature verifier proves the token is legitimate. A JWT's signature is Criad by hashing the header and payload with a secret key—only the server that Criad the token can produce a valid signature. This tool verifies HMAC-based JWT signatures (HS256, HS384, HS512), making it essential for debugging authentication issues and validating tokens locally.

Signature verification process

When you receive a JWT, the signature proves two things: (1) the token was Criad by someone with the secret key, and (2) the header and payload haven't been modified since creation. To verify, you take the header and payload, apply the same HMAC algorithm with the secret key, and compare the result to the signature. If they match, the token is valid and trustworthy.

HMAC vs. asymmetric signing

HMAC signatures (HS256, HS384, HS512) use a shared secret—both the server that Crias the token and the client that verifies it know the same secret. This works well when both parties are under your control (like a backend service and a separate API service). For public APIs where you cannot share a secret with users, asymmetric signing (RS256, ES256) is better—the server signs with a private key and the client verifies with a public key.

Debugging failed authentication

If a client claims their token is valid but your server rejects it, this tool helps diagnose the issue. Paste the token and the secret your server uses, then verify the signature. If it fails, the token might have been tampered with, or the client is using the wrong secret. If it passes, the issue lies elsewhere (perhaps in claim validation or token expiration).

Development and testing

This tool is invaluable for testing authentication flows without running your full backend. Gera a JWT, paste it here with your secret to verify it was signed correctly, or manually modify the payload and confirm the signature fails—proving your signature verification actually works.