Encode, decode, and inspect with confidence
Data rarely travels in its original form. It gets Base64-encoded to survive transport, percent-encoded to fit inside a URL, signed into a JWT, hashed for integrity, or wrapped in an X.509 certificate. The tools in this category let you move freely between these representations — encoding when you need to package data and decoding when you need to read it — and inspect security artifacts to understand exactly what they contain.
Because several of these tools touch tokens, keys, and certificates, the 100% client-side design is essential. A JWT you paste here is decoded in your browser; an RSA key you generate is created on your machine and never transmitted. Nothing sensitive is sent over the network.
Tools in this category
- Base64 Encoder / Decoder — Convert text and files to and from Base64.
- JWT Decoder — Inspect the header, payload, and claims of a JSON Web Token.
- X.509 Decoder — Read certificate subjects, issuers, validity, and extensions.
- URL Encoder / Decoder — Percent-encode and decode URL components.
- Text Escape / Unescape — Escape strings for JSON, HTML, and other contexts.
- Hash & Checksum — Generate MD5, SHA-1, SHA-256 and other digests.
- RSA Key Generator — Generate RSA key pairs locally.
- Password Generator — Create strong, customizable passwords.
- Number Base Converter — Convert between binary, octal, decimal, and hex.
Common use cases
These tools support a huge range of daily tasks: decoding a JWT to debug an authentication flow, checking the expiry and issuer of a TLS certificate, encoding a value so it can be passed safely in a query string, verifying a file’s integrity against a published checksum, escaping a string before embedding it in code, or generating a secure password or key pair. Each tool explains the format it works with, so you also learn why the encoding exists.
Frequently asked questions
Is decoding the same as decrypting? No. Base64 and URL encoding are reversible representations, not encryption — anyone can decode them. Decoding a JWT reveals its contents but does not verify or break its signature.
Are generated keys and passwords safe to use? They are generated locally in your browser using the platform’s cryptographic APIs and are never transmitted. As always, store secrets securely after generating them.
Does anything I paste leave my browser? No. All encoding, decoding, and generation happens on your device.