jwt.sh

encode, decode and verify JWT

Supported algorithm

none
HS256
HS384
HS512
RS256
RS384
RS512

Dependency

openssl
base64
xxd
sed

Debian

# vim for xxd
apt install openssl sed vim

Alpine

# base64, xxd, sed are included in busybox
apk add openssl-misc

Usage

jwt.sh enc [alg] [payload] [secret]
jwt.sh dec [token] [secret]
jwt.sh dec [token] --pub [pubkey]

alg:    none HS256 HS384 HS512 RS256 RS384 RS512
secret: string when using HS256, HS384, HS512
        private key path when using RS256, RS384, RS512
        this field will be omitted when using none alg
pubkey: public key path when using RS256, RS384, RS512

Encode and sign a JWT using none alg

jwt.sh enc none '{"hello": "world"}'

Encode and sign a JWT using HS256, HS384, HS512

jwt.sh enc HS256 '{"hello": "world"}' 'i_am_a_secret_key'
jwt.sh enc HS384 '{"hello": "world"}' 'i_am_a_secret_key'
jwt.sh enc HS512 '{"hello": "world"}' 'i_am_a_secret_key'

Encode and sign a JWT using RS256, RS384, RS512

jwt.sh enc RS256 '{"hello": "world"}' '/path/to/rsa/private_key.pem'
jwt.sh enc RS384 '{"hello": "world"}' '/path/to/rsa/private_key.pem'
jwt.sh enc RS512 '{"hello": "world"}' '/path/to/rsa/private_key.pem'

Decode and verify a JWT

# HS256, HS384, HS512
jwt.sh dec 'eyJhbGciOiJIUzI1NiJ9.eyJrIjoidiJ9.oLV5ZIHTfktQGg8nBYBo4XkDu5xwuri10tC7fa7QYmk' 'a_secret'
# RS256, RS384, RS512 with private key
jwt.sh dec [token] '/path/to/rsa/private_key.pem'
# RS256, RS384, RS512 with public key
jwt.sh dec [token] --pub '/path/to/rsa/public_key.pem'

Decode a JWT without verifying

# alg none is supported
jwt.sh dec eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJoZWxsbyI6IndvcmxkIn0.
jwt.sh dec 'eyJhbGciOiJIUzI1NiJ9.eyJrIjoidiJ9.oLV5ZIHTfktQGg8nBYBo4XkDu5xwuri10tC7fa7QYmk'