Does this JWT tool verify signatures?
No. It decodes the header and payload so you can inspect the JSON. A decoded token is not proof that the token is authentic.
Can it encode or sign JWTs?
Yes. Encode mode can create unsigned JWTs or HMAC-signed JWTs with HS256, HS384, or HS512 using the browser Web Crypto API.
Are JWTs or signing secrets uploaded to a server?
No. Decode and encode actions run in your browser, and JWTs or HMAC secrets are not sent to WebMultitool servers or external APIs.
Why do token dates look different from my server logs?
JWT date claims are Unix timestamps in seconds. The tool shows UTC and your browser's local time, so timezone display can differ from server logs.