JWT & Base64 Decoder/Verifier

JWT Decoder, Encoder & Verifier is the JSON Web Token companion your phone has been missing. Paste a token and instantly see its header, payload, and claims decoded - then verify its signature, sign your own, or convert Base64 back and forth. Everything runs on the device. No accounts, no network calls, nothing stored.

100% OFFLINE, NOTHING LEAVES YOUR DEVICE

Tokens often carry sensitive data, so this app never uploads them. All parsing, verification, signing, and Base64 work happens locally. There is no server, no logging, and no analytics on the content you paste. It is the safe way to inspect a production token on your phone.

DECODE

- Live decoding as you type or paste - no "decode" button needed
- Pretty-printed JSON for both the header and the payload
- Time claims (iat, nbf, exp) shown as readable UTC, with EXPIRED and "not yet valid" badges
- Raw Base64URL signature segment displayed separately
- Clear, specific errors for malformed tokens

VERIFY SIGNATURES

- HMAC: HS256, HS384, HS512 with a shared secret (raw or Base64 key)
- RSA: RS256, RS384, RS512 (RSASSA-PKCS1-v1.5) with a PEM public key
- RSA-PSS: PS256, PS384, PS512 with a PEM public key
- ECDSA: ES256, ES384, ES512 with a PEM public key
- The input automatically switches between secret and PEM based on the token's algorithm, and the result clearly states valid, invalid, or why it could not be checked

SIGN AND GENERATE

- Build and HMAC-sign a JWT from any JSON payload (HS256/384/512)
- One-tap "Generate key pair" creates a throwaway RSA or EC key for testing, fills the private key, and shows the public key to copy straight into the Verify tab - a complete sign-then-verify loop, entirely on device

BASE64 TOOLBOX

- Encode and decode standard Base64 and URL-safe Base64URL
- Optional padding control
- Falls back to a hex view when decoded bytes are not valid UTF-8 text

BUILT FOR ENGINEERS

- Paste straight from the system clipboard with one tap
- Load a built-in example to see how each tool works
- Copy any result to the clipboard
- Monospace, selectable output throughout

POLISHED TO MATCH YOUR PHONE

- Native Material Design 3 interface
- Light and dark themes that follow the system setting
- Localized in English, Traditional Chinese, Simplified Chinese, and Japanese

WHO IT IS FOR

- Backend and mobile developers debugging auth tokens
- Security engineers inspecting and verifying JWTs
- QA and support teams checking expiry and claims
- Anyone who needs to decode a token without pasting it into a website

A note on standards: this tool reads and verifies tokens; it is an inspection and testing utility, not a secrets manager. Keys you paste or
generate stay on the device and are never transmitted.

JWT Decoder, Encoder & Verifier is fast, private, and made for real debugging. Install it once and stop pasting tokens into random web decoders.