Decode the Web.
Keep Secrets Safe.
Pasting production JWTs or API keys into random cloud tools is a massive security risk. Lumist Hash is an offline Swiss-Army knife for developers to decode, encode, and hash payloads entirely in the browser.
Zero Leakage Sandbox
Hash operates entirely locally. No API calls, no cloud processing. Paste your production JWTs and API keys securely without risking compliance breaches.
Crypto Hashing
Generate SHA-256, SHA-384, and SHA-512 fingerprints instantly from any string using the browser's native hardware-accelerated Web Crypto API.
Developer Swiss Army Knife
Base64 encode/decode, URL parameter formatting, JSON Web Token inspection, and batch UUID (v4) generation all in a single interface.
Under the Hood
The architecture powering Lumist Hash.
Web Crypto API
We do not use slow, bloated JavaScript cryptography libraries. Hash utilizes the browser's native `crypto.subtle` API to tap directly into your device's hardware for hashing operations.
Stateless Execution
To guarantee absolute security, Lumist Hash is entirely stateless. None of your tokens or strings are ever saved to IndexedDB or local storage. When you refresh, the data vanishes permanently.
Frequently Asked Questions
Why not just use jwt.io?
Cloud-based tools process your data on remote servers or load third-party tracking scripts. If you are inspecting a live production token containing PII or sensitive claims, pasting it into a public site is a massive vulnerability.
Does this generate cryptographically secure UUIDs?
Yes. Lumist Hash generates Version 4 UUIDs using the browser's native `crypto.randomUUID()` method, ensuring high-entropy, cryptographically secure uniqueness.