Offline Encoding & Cryptography

Decode the Web. Keep Secrets Safe.

Pasting production JWTs or API keys into random cloud tools is a massive security risk. Lumist Hash is an offline Swiss-Army knife for developers to decode, encode, and hash payloads entirely in the browser.

lumist.app/hash/workspace
JWT Decoder

Zero Leakage Sandbox

Hash operates entirely locally. No API calls, no cloud processing. Paste your production JWTs and API keys securely without risking compliance breaches.

Crypto Hashing

Generate SHA-256, SHA-384, and SHA-512 fingerprints instantly from any string using the browser's native hardware-accelerated Web Crypto API.

Developer Swiss Army Knife

Base64 encode/decode, URL parameter formatting, JSON Web Token inspection, and batch UUID (v4) generation all in a single interface.

Under the Hood

The architecture powering Lumist Hash.

Cryptography

Web Crypto API

We do not use slow, bloated JavaScript cryptography libraries. Hash utilizes the browser's native `crypto.subtle` API to tap directly into your device's hardware for hashing operations.

Architecture

Stateless Execution

To guarantee absolute security, Lumist Hash is entirely stateless. None of your tokens or strings are ever saved to IndexedDB or local storage. When you refresh, the data vanishes permanently.

Frequently Asked Questions

Why not just use jwt.io?

Cloud-based tools process your data on remote servers or load third-party tracking scripts. If you are inspecting a live production token containing PII or sensitive claims, pasting it into a public site is a massive vulnerability.

Does this generate cryptographically secure UUIDs?

Yes. Lumist Hash generates Version 4 UUIDs using the browser's native `crypto.randomUUID()` method, ensuring high-entropy, cryptographically secure uniqueness.

© 2026 Lumist. All rights reserved. Your data never leaves your device.

Privacy|Terms|Support