DevToolKits.app
JWT & keys

JWKS Generator

Generate 2048-bit RSA key pairs, manage kid values, and create JWKS (JSON Web Key Sets)
containing public keys only. You can also sign RS256 JWTs using the generated private key, inspect the payload, and copy keys, JWKS, or tokens with a single click.

This tool is useful for testing JWT authentication flows, validating key rotation with kid, and preparing sample JWKS endpoints for development, debugging, and documentation.
All cryptographic operations run entirely in your browser.
No private keys, payloads, or tokens are uploaded to any server, ensuring safe local testing.

Keys are created locally and never uploaded anywhere.

Current kid -

The JWKS contains only the public key.

RS256 signature uses the generated private key.

Guide

How to use & features

  • Optionally enter a kid, then click “Generate 2048-bit RSA keys” to create the key pair and JWKS.
  • Copy the public key as a JWKS (JSON Web Key Set) and keep the private key in PKCS#8 PEM format.
  • Edit the payload JSON and click “Create JWT” to generate an RS256-signed token.
Samples

Sample input & output

Publish an RSA key

Input

Algorithm: RS256
Key ID: demo-key

Output

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "demo-key",
      "alg": "RS256",
      "use": "sig",
      "n": "u0fKsY6LQyqQy1vny7H2X7bqY7HWe8soT0x6XPrmT5w",
      "e": "AQAB"
    }
  ]
}
FAQ

Frequently asked questions

Can I extract only the key that matches a kid?
Yes. Select the target kid to export just that key as PEM.
What is this tool useful for?
It helps pull public keys for JWT verification and isolate a specific key from a JWKS set for reuse.
Is any data sent to a server?
No. Parsing and conversions run entirely in your browser.
Use cases

Common use cases

  • Validating key sets

    Fetch JWKS endpoints to inspect kid and alg values and confirm the expected signing algorithms.

  • Checking rotation status

    See whether old and new keys coexist to catch timing gaps between issuers and verifiers.

  • Sharing debug details

    Format the fetched JSON for teammates when troubleshooting integrations with external IdPs.

Notes

Notes & limitations

  • Work stays in your browser

    Inputs and outputs remain local. Closing the tab or clearing cache will remove any temporary state.

  • Validate critical data

    Results are helper outputs—double-check them before sending to production systems or sharing externally.

  • Large payloads depend on your device

    Very large text or files can feel slow in some browsers. Use a desktop environment for heavy workloads.

Ad

Quick links to other tools

Stay within DevToolKits with shortcuts to the most-used utilities across the site.

DevToolKits.app
Articles 1 items
Article Index
Time & date tools 4 items
Time Zone Converter Time Units UNIX Time Cron Editor
URL & text 5 items
URL Encode URL Params → JSON Regex Tester Text & Code Suite Markdown Table
JSON & schema 6 items
JSON Formatter JSON → TS Types JSON → Zod JSON → OpenAPI JSON ⇔ YAML GitHub Actions Visualizer
Encoding & security 5 items
Base64 / 58 / 32 JWT Decoder Hash & HMAC JWKS Generator GUID / NanoID
Utilities 4 items
Diff Checker Color Utility QR Generator QR Reader

Ad