Monu Tools

JWT 生成器

完全在浏览器中,从载荷和密钥创建并签名 HS256 JSON Web Token。

如何使用 JWT 生成器

  1. 01

    将载荷编辑为 JSON 对象。

  2. 02

    输入你的 HS256 密钥。

  3. 03

    生成并复制已签名的令牌。

Sign tokens in the browser

A JWT generator that builds and signs JSON Web Tokens from your payload and secret, entirely in your browser using the Web Crypto API. It pairs with the JWT decoder, which inspects an existing token.

How a JWT is put together

A JWT has three parts separated by dots: a header, a payload of claims, and a signature, each Base64url encoded. The signature is what makes the token trustworthy: it proves the payload has not been altered and was issued by someone who holds the secret.

HS256 and your secret

This tool signs with HS256, that is HMAC using SHA-256, the most common symmetric JWT algorithm. The same secret both signs and verifies the token, so it must be kept private on the server.

For HS256, use a long, random secret. A short or guessable secret undermines the whole token, since anyone who guesses it can mint valid tokens of their own.

Encoded, not encrypted

An important point about JWTs: the payload is only encoded, not encrypted. Anyone with the token can read its claims by Base64-decoding them, so never put passwords or sensitive data in a JWT. The signature stops tampering, it does not provide secrecy.

Security note

Because signing happens locally, your secret and payload never leave your device. Even so, avoid pasting real production secrets on a shared or public computer.

常见问题

使用哪种算法?

HS256(使用 SHA-256 的 HMAC),最常见的对称 JWT 算法,在你的浏览器中使用 Web Crypto API 签名。

我的密钥会被发送到任何地方吗?

不会。签名完全在你的浏览器中进行,因此密钥和载荷永远不会离开你的设备。不过,请避免在共用机器上使用真实的生产密钥。

我也能解码令牌吗?

能,使用 JWT 解码器工具查看现有令牌的头部和载荷。

来源

嵌入此工具

将此工具添加到你自己的网站。复制下方代码片段即可,它会自动保持最新。

<iframe src="https://monu.tools/embed/zh/jwt-generator" width="100%" height="640" style="border:1px solid #e5e5e5;border-radius:12px;max-width:680px" loading="lazy" title="Monu Tools"></iframe>

相关工具