Verify Signature
What is JWT?
JWT (JSON Web Token, RFC 7519) is an open standard for securely transmitting information between parties as a compact JSON object. It is commonly used for authentication and authorization.
Structure
A JWT consists of three Base64URL-encoded parts separated by dots: Header.Payload.Signature. The header specifies the token type and signing algorithm. The payload contains the claims. The signature lets the recipient verify the integrity of the header and payload.
Supported Algorithms
HMAC (HS256/384/512), RSA (RS256/384/512), RSA-PSS (PS256/384/512), and ECDSA (ES256/384/512). The unsigned `alg=none` is rejected for safety.
Accepted Key Formats
HMAC: any UTF-8 string. Asymmetric: PEM only — PKCS8 (`-----BEGIN PRIVATE KEY-----`) for signing, SPKI (`-----BEGIN PUBLIC KEY-----`) for verifying. PKCS1, SEC1, encrypted PEM, and X.509 certificates are not accepted; the tool will tell you the exact `openssl` command to convert them.
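The three-part structure, the HMAC key as a UTF-8 string, and the rejection of `alg=none` described above can be seen together in a small verifier. This is an added example, not the tool's own code; the function names, the sample key and the sample claims are constructed for illustration, and only the HMAC family is covered.

```python
import base64
import hashlib
import hmac
import json

HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part):
    # JWT drops the '=' padding, so restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign_hmac(header, payload, key):
    # Helper that builds Header.Payload.Signature for the constructed samples.
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(key.encode("utf-8"), signing_input.encode("ascii"), HMAC_ALGS[header["alg"]])
    return signing_input + "." + b64url_encode(mac.digest())

def verify_hmac(token, key, allowed=("HS256",)):
    """Return the claims if the token verifies; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected Header.Payload.Signature")
    header = json.loads(b64url_decode(parts[0]))
    alg = header.get("alg") if isinstance(header, dict) else None
    # The verifier, not the token, decides which algorithms are acceptable.
    # "none" is not in HMAC_ALGS, so an unsigned token can never pass.
    if not isinstance(alg, str) or alg not in allowed or alg not in HMAC_ALGS:
        raise ValueError(f"algorithm not allowed: {alg!r}")
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(key.encode("utf-8"), signing_input, HMAC_ALGS[alg]).digest()
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(parts[1]))

if __name__ == "__main__":
    KEY = "constructed-demo-secret"  # constructed sample key
    good = sign_hmac({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, KEY)
    h, p, _ = good.split(".")
    unsigned = b64url_encode(b'{"alg":"none","typ":"JWT"}') + "." + p + "."
    for name, tok in (("signed", good), ("alg=none", unsigned)):
        try:
            print(name, "->", verify_hmac(tok, KEY))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

The `allowed` parameter defaults to a single algorithm so that a token cannot select a different one through its own header.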