Crypto & Tokens
HMAC signatures and TOTP two-factor codes.
AES Encryption
Encrypt and decrypt text with AES-GCM and a password. Uses 256-bit keys derived with PBKDF2, runs entirely in your browser, and nothing is uploaded.
HMAC Generator
Generate an HMAC for a message and secret key with SHA-1, SHA-256, SHA-384 or SHA-512. Verify webhook and API signatures, with hex or base64 output.
Htpasswd Generator
Generate an Apache .htpasswd line (username plus {SHA} or plain password) for basic auth. Hashed in your browser, nothing is uploaded.
JWT Verifier
Verify a JWT signature with HS256, HS384 or HS512 and your secret. Checks exp and nbf claims and shows the decoded header and payload. Runs in your browser.
RSA Key Generator
Generate an RSA public and private key pair in PEM format. Keys are created in your browser with the Web Crypto API and never sent anywhere.
TOTP Generator
Generate time-based one-time passwords from a base32 secret, just like an authenticator app. Test 2FA flows with live RFC 6238 codes in your browser.