Paste a single JSON Web Key or a full JWKS document. The inspector validates the shape, classifies each key as public or private, surfaces kid, alg, use, and key_ops, and computes the canonical RFC 7638 SHA-256 thumbprint. Everything runs in your browser via the Web Crypto API — paste real keys safely.
A JSON Web Key (RFC 7517) represents a cryptographic key as JSON.
The kty (key type) tells you the family: RSA, EC,
OKP (Edwards / X-curve), or oct (symmetric). A
JWKS is an object with a keys array — what an OIDC
provider exposes at /.well-known/jwks.json.
The JWK Thumbprint (RFC 7638) is a stable, canonical hash of
just the required public members for a given kty, sorted lexicographically
and serialized without whitespace. It uniquely identifies the key material itself —
two JWKs with the same thumbprint represent the same key even if kid,
alg, or extra metadata differ. The default hash is SHA-256, base64url-encoded.
Required thumbprint members per spec:
RSA → e, kty, n ·
EC → crv, kty, x, y ·
OKP → crv, kty, x ·
oct → k, kty.