JWS Sign Payload with Custom Key
By Anish Nath - Security Engineer & Cryptography Expert
|
@anish2good
|
Last Updated: January 23, 2025
Privacy-First
No Keys Stored
100% Free
How to Use: Select an algorithm, enter your JSON payload, and provide your own key (shared secret for HMAC, or PEM private key for RSA/ECDSA). Click "Sign Payload" to generate a JWS. Sample keys are provided for testing.
Loading!
Related JWS/JWT Tools
Support This Free Tool
Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.
500K+ users
200+ tools
100% private
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.
JWS Signing with Custom Keys Guide
JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures, as defined in RFC 7515.
When to Use Custom Key Signing
Use this tool when you need to:
- Integrate with existing systems: Sign JWS using keys already deployed in your infrastructure
- Key management control: Maintain full control over key generation and storage
- Testing and debugging: Sign JWS with specific keys for testing verification flows
- Interoperability testing: Verify compatibility with third-party systems using their provided keys
Algorithm Comparison
| Algorithm | Type | Key Type | Hash | Use Case |
|---|---|---|---|---|
HS256 |
HMAC | Shared Secret (32+ bytes) | SHA-256 | Internal APIs, microservices |
HS384 |
HMAC | Shared Secret (48+ bytes) | SHA-384 | Higher security internal use |
HS512 |
HMAC | Shared Secret (64+ bytes) | SHA-512 | Maximum HMAC security |
RS256 |
RSA PKCS#1 | RSA Private Key | SHA-256 | Widely compatible, OAuth 2.0 |
RS384 |
RSA PKCS#1 | RSA Private Key | SHA-384 | Higher RSA security |
RS512 |
RSA PKCS#1 | RSA Private Key | SHA-512 | Maximum RSA security |
PS256 |
RSA-PSS | RSA Private Key | SHA-256 | More secure than PKCS#1 |
PS384 |
RSA-PSS | RSA Private Key | SHA-384 | High security RSA-PSS |
PS512 |
RSA-PSS | RSA Private Key | SHA-512 | Maximum RSA-PSS security |
ES256 |
ECDSA | EC P-256 Private Key | SHA-256 | Modern, compact signatures |
ES384 |
ECDSA | EC P-384 Private Key | SHA-384 | Higher EC security |
ES512 |
ECDSA | EC P-521 Private Key | SHA-512 | Maximum EC security |
Key Format Requirements
HMAC Keys
Plain text shared secret. Minimum lengths:
- HS256: 32 bytes
- HS384: 48 bytes
- HS512: 64 bytes
RSA Keys
PEM format with markers:
-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----
Or PKCS#8 format
EC Keys
PEM format with markers:
-----BEGIN EC PRIVATE KEY----------END EC PRIVATE KEY-----
Curve must match algorithm
Security Note:
Never share your private keys or HMAC secrets. This tool processes keys client-side for display purposes,
but the actual signing happens server-side. For production use, ensure keys are generated and stored securely.