Are these tools safe for production secrets?

Use them for development and education. For production, rely on audited libraries, hardware security modules, and your organization’s key policies—not pasted secrets in a web page.

Do you log what I type?

Hashing, encoding, and decoding run in your browser. We do not intentionally collect tool inputs; avoid pasting highly sensitive production secrets into any website.

Does the JWT decoder verify signatures?

The decoder shows header and payload only. Signature verification requires keys and crypto steps beyond a simple viewer.

Security & utility

Security & encoding tools

Use these utilities to learn and debug: strength-check passwords, generate UUIDs, inspect tokens, and verify encoding. They are not a substitute for a full security audit or production key management.

All security & utility tools (11)

Password generator
Create strong random passwords with length and character options—use with your password manager.
Password strength checker
Estimate password strength with heuristic feedback—learn what makes passphrases harder to guess.
Base64 encoder / decoder
Encode or decode Base64 text for debugging APIs, tokens, and data URIs—runs locally in your browser.
Hash generator (MD5, SHA-256)
Compute MD5 and SHA-256 hashes for pasted text—useful for checksums and quick comparisons in development.
UUID generator (v4)
Generate random UUID v4 values in bulk for databases, APIs, and test data—copy with one click.
JWT decoder
Inspect JWT header and payload (read-only). Does not verify signatures—use your auth stack for validation.
URL encoder / decoder
Percent-encode or decode text for query strings and `application/x-www-form-urlencoded` bodies.
PEM viewer
Inspect PEM blocks: label, payload length, and a safe preview—useful for certs and keys in text form.
HMAC generator
Compute HMAC-SHA256 or HMAC-SHA1 for a secret and message—debug webhooks and signed requests.
X.509 certificate viewer
Decode PEM or DER certificates: subject, issuer, validity, serial, and extensions for TLS debugging.
Bcrypt hash demo
Hash a password with bcrypt cost factors for learning—do not use for production secret storage as-is.

Frequently asked questions

Are these tools safe for production secrets?: Use them for development and education. For production, rely on audited libraries, hardware security modules, and your organization’s key policies—not pasted secrets in a web page.
Do you log what I type?: Hashing, encoding, and decoding run in your browser. We do not intentionally collect tool inputs; avoid pasting highly sensitive production secrets into any website.
Does the JWT decoder verify signatures?: The decoder shows header and payload only. Signature verification requires keys and crypto steps beyond a simple viewer.

Loading tool…