Hash & encoding workbench
The small conversions you reach for a dozen times a day — hash a string, decode a Base64 blob, read what’s actually inside a JWT — without pasting anything sensitive into a random website. Type once; everything below updates live, in your browser.
How it works
Hashing uses the browser’s built-in crypto.subtle (WebCrypto) to compute SHA-1, SHA-256 and SHA-512 over the UTF-8 bytes of your input — the same primitives a real application uses, no library shipped. Base64, hexadecimal and URL encoding are done with standard browser APIs, each shown alongside its inverse so you can round-trip either way.
The JWT decoder is the part worth dwelling on. A JSON Web Token is three base64url segments — header, payload, signature — joined by dots. It is signed, not encrypted, so anyone holding the token can read every claim inside it; this tool simply base64-decodes the header and payload and pretty-prints the JSON, flagging the time claims (exp, iat, nbf) and whether the token has expired. It deliberately does not verify the signature — that needs the signing secret or public key, which should never be pasted into a web page. Treating “I can read it” as different from “I can trust it” is the whole security point.