Auto Caesar Cipher Decoder – Online Rot1‑25 Try All
Paste an enciphered text and instantly see all 25 possible shifts. Highlight the most plausible.
UD5 Toolkit
Decode, inspect and verify JSON Web Tokens (JWT) online. All processing happens locally in your browser.
.): Header, Payload, and Signature. Each part is Base64url encoded. The header typically contains the token type (JWT) and the signing algorithm (alg). The payload holds the claims (e.g., user ID, expiration time). The signature is created by signing the encoded header and payload with a secret or private key.
HS256, HS384, HS512 (HMAC with SHA-2), RS256, RS384, RS512 (RSA PKCS#1 v1.5), ES256, ES384, ES512 (ECDSA), and PS256, PS384, PS512 (RSA-PSS). The algorithm is automatically detected from the JWT header.
-----BEGIN PUBLIC KEY-----. Many identity providers (Auth0, Okta, Firebase) expose JWKS endpoints where you can obtain the correct key.
Paste an enciphered text and instantly see all 25 possible shifts. Highlight the most plausible.
Encode or decode data to/from Base58 (Bitcoin alphabet). Useful for cryptocurrency address generation testing. Fully local, no data sent.
Encode or decode a string for use in a URL query parameter. See the raw and encoded versions. Dev tool.
Split a long text into blocks of N characters or words. Perfect for token limits or social media threading.
Paste text with \uXXXX or \xXX escape sequences and decode to readable characters. Works for all Unicode planes.
Generate strong random strings for API tokens, session secrets, or encryption keys. Uses crypto.getRandomValues().
Sign a message with a private key and verify the signature with the public key. Learn digital signature flow.
Paste a JWT and a public key or secret to verify the signature. Supports HS256, RS256, ES256. All operations local.
Decode an image progressively using the ImageDecoder API. See partial results and metadata. Modern alternative to <img>.
Hash passwords using the bcrypt algorithm with configurable cost factor. Also verify a password against a stored hash. All local.
Encode latitude/longitude into a geohash string and decode a geohash back to coordinates with precision info. Local algorithm.
Convert integers into short, unique, YouTube‑style IDs (hashids) and decode them back. Customize salt and minimum length.
Encode any file into a Base64 string that you can copy, or decode a Base64 string back to a downloadable file. Pure frontend.
Freeze your live camera, then scan a QR code from the static frame. Works when auto‑scan fails. Private.
Paste a data: URL and instantly download the file it represents. Supports all MIME types. Simple extraction.
Enter Braille dot numbers (1‑6) or paste Unicode Braille to decode into English text. Companion to text‑to‑Braille.
Paste a raw cookie string and see a formatted key‑value table. Debug session cookies and understand flags. Runs in browser.
Upload an image containing a QR code and decode its content. Works offline using JavaScript QR decoder. No camera needed.
Find out the real destination of any shortened link (bit.ly, t.co, etc.) without clicking. Resolves redirects locally using public HTTP headers.
Break down any URL into its individual components: protocol, hostname, path, query parameters. Decode query strings easily. Purely client-side.
Decode the header and payload of a JSON Web Token (JWT) without verifying the signature. Inspect claims securely on the client side. Great for developers.
Decode Base64 encoded strings back into viewable images and download them as PNG. Useful for debugging APIs and data URIs. Secure local processing.
Create random strings of any length using custom character sets. Perfect for generating API tokens, salts, and unique codes. Fully client-side secure.