Security
Security utilities for JWT inspection, strong password generation, Hash digests, and HMAC signatures across authentication debugging, integrity checks, and API signing.
9 tools
Security
-
JWT Inspector
Decode a JSON Web Token in the browser to read its header, payload, and claims, then verify or re-sign it with HMAC, RSA, ECDSA, or EdDSA keys.
Open tool -
Password Generator
Generate random passwords, memorable passphrases, and PINs locally with length, character groups, custom symbol sets, similar-character filtering, and strength scoring.
Open tool -
Hash Generator
Generate text and file hash digests with SHA-256, SHA-512, SHA3, BLAKE3, MD5, CRC, and xxHash for integrity checks, release verification, and data fingerprints.
Open tool -
HMAC Generator
Create HMAC-SHA256, HMAC-SHA512, and other keyed message authentication codes for API authentication, webhook verification, tamper checks, and file signature comparison.
Open tool -
RSA Key Generator
Generate RSA public and private key pairs in the browser for encryption and digital signatures, with selectable key size, hash, RSA-OAEP / RSA-PSS / PKCS#1 usage, and PEM, PKCS#1, JWK, and OpenSSH output.
Open tool -
Certificate Decoder
Decode X.509 certificates, certificate chains, and CSRs in the browser to read subject, issuer, validity, SANs, key usage, key size, and SHA-256 fingerprints.
Open tool -
File Encryption
Encrypt and decrypt any file locally with a password using AES-256-GCM, PBKDF2 key derivation, built-in integrity verification, password strength feedback, and chunked progress for archival, transfer, and cloud upload protection.
Open tool -
htpasswd Generator
Generate Apache and nginx .htpasswd credentials with bcrypt, Apache MD5, SHA-512 and more, plus a verify mode — all computed locally in your browser.
Open tool -
Chmod Calculator
Compute Unix file permissions with a visual rwx matrix and read the octal, symbolic, and chmod command at once. Handles setuid, setgid, and the sticky bit, applies symbolic operations like u+x or go-w, resolves umask values, and flags risky settings.
Open tool
About this category
Authentication and integrity checks live on the surface of almost every backend integration. When a request 401s, when a webhook signature fails to verify, when a download checksum doesn't match — the answer is usually one of the same handful of primitives: a JWT, a hash digest, an HMAC signature, or a generated secret.
These tools give you a quick way to inspect those primitives without writing a script or pasting into a third-party site. Decode a token in seconds, generate a fresh password, hash a value with the algorithm the docs asked for, or recompute an HMAC to compare against the one in the header.
What you can do here
-
JWT inspection with claim breakdown
Decode header and payload, surface the algorithm, check expiry, and verify signatures with a copied secret or public key.
-
Cryptographically strong passwords
Generate passwords with explicit character classes, length, and entropy estimates for product accounts and service credentials.
-
Hash digests across algorithms
Compute SHA-256, SHA-1, MD5, and other digests for files and text — useful for fingerprinting, deduplication, or download verification.
-
HMAC for API signatures
Build HMAC-SHA256/512 signatures with text or hex keys to debug webhook verification, request signing, and OAuth flows.