JWT Signature Verifier
Verify a JWT's HMAC signature & claims.
Runs entirely in your browser — nothing you enter is uploaded, logged, or tracked.
Paste a JWT and the signing secret to verify its HMAC signature (HS256/HS384/HS512) and see whether it is authentic and still valid — with the decoded header and payload, and a clear check of the exp/nbf/iat timestamps. Everything is computed locally with the Web Crypto API.
Frequently asked questions
Which algorithms are supported?
HMAC — HS256, HS384 and HS512 — verified with the Web Crypto API. Asymmetric algorithms (RS/ES) need a public key and are not verified here; their claims are still decoded.
Is my secret or token sent anywhere?
No. Verification runs entirely in your browser; the token and secret never leave your device.
Does it check expiry?
Yes — it flags the exp (expired), nbf (not yet valid) and iat claims against the current time, separately from the signature check.
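The checks described above, written out as an added example (not this tool's own code): HMAC verification through the Web Crypto API with the exp/nbf/iat checks reported separately from the signature result. The function names are hypothetical, the sample tokens are whatever you build with the `signJwt` helper, and treating an `iat` in the future as the thing to flag is an assumption.

```javascript
// Added example: HS256/HS384/HS512 verification with Web Crypto (names are illustrative).
const HASH = { HS256: "SHA-256", HS384: "SHA-384", HS512: "SHA-512" };
const enc = new TextEncoder(), dec = new TextDecoder();

// Browsers and current Node expose crypto.subtle globally; older Node needs the import.
const getSubtle = async () =>
  globalThis.crypto?.subtle ?? (await import("node:crypto")).webcrypto.subtle;
const fromB64url = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));
const toB64url = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const hmacKey = async (secret, alg, usage) =>
  (await getSubtle()).importKey("raw", enc.encode(secret), { name: "HMAC", hash: HASH[alg] }, false, [usage]);

// Time checks are reported separately from the signature result.
// Assumption: an iat later than "now" is the condition worth flagging for iat.
function checkClaims(payload, now) {
  const isNum = (v) => typeof v === "number";
  return {
    expired: isNum(payload.exp) && now >= payload.exp,
    notYetValid: isNum(payload.nbf) && now < payload.nbf,
    issuedInFuture: isNum(payload.iat) && now < payload.iat,
  };
}

async function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const [h, p, s] = parts;
  const header = JSON.parse(dec.decode(fromB64url(h)));
  const payload = JSON.parse(dec.decode(fromB64url(p)));
  const result = { header, payload, signature: "unsupported", claims: checkClaims(payload, now) };
  // Only the HMAC family is verified; "none" and RS/ES tokens are decoded but never trusted.
  if (!Object.hasOwn(HASH, String(header.alg))) return result;
  const key = await hmacKey(secret, header.alg, "verify");
  // subtle.verify recomputes the MAC over "header.payload"; no hand-written string compare.
  const ok = await (await getSubtle()).verify("HMAC", key, fromB64url(s), enc.encode(`${h}.${p}`));
  return { ...result, signature: ok ? "valid" : "invalid" };
}

// Helper used only to build constructed sample tokens for trying verifyJwt.
async function signJwt(payload, secret, alg = "HS256") {
  const body = [{ alg, typ: "JWT" }, payload]
    .map((o) => toB64url(enc.encode(JSON.stringify(o)))).join(".");
  const sig = await (await getSubtle()).sign("HMAC", await hmacKey(secret, alg, "sign"), enc.encode(body));
  return `${body}.${toB64url(new Uint8Array(sig))}`;
}
```

A token can come back as `signature: "valid"` with `claims.expired: true`; a caller should require both a valid signature and clean time checks before trusting the payload.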