Alpha DevTools logoAlpha DevTools
All ToolsBy Technology
Search tools…⌘K
ToolsSecurity

Security

Hash, encrypt, sign and decode — SHA256, Bcrypt, JWT, RSA

15tools

All 15 security tools run entirely inside your browser using WebCrypto and JavaScript cryptography libraries. Your keys, passwords and sensitive data are never transmitted to any server. From hashing and encryption to SSH key generation, certificate inspection, JWT tokens and 2FA codes, every common developer security task is covered.

15 tools

UUID Generator

Generate UUID v1, v4, v5 in bulk

Crypto Hash Tools

Hash text with SHA-1/256/384/512, compute HMAC signatures, and hash/verify passwords with Bcrypt

Password Tools

Generate secure passwords with custom options and evaluate password strength with entropy and crack-time analysis

JWT Decoder

Decode and inspect JWT tokens

JWT Generator

Generate and sign JWT tokens

RSA / ECDSA Key Generator

Generate RSA, RSA-PSS and ECDSA public/private key pairs in PEM format

TOTP Generator

Generate RFC 6238 TOTP / Google Authenticator codes from a Base32 secret. Live countdown timer, configurable step and digit count.

SSH Key Generator

Generate Ed25519 and RSA SSH key pairs in your browser. Outputs public key in authorized_keys format and private key in OpenSSH format.

X.509 Certificate Decoder

Decode and inspect PEM X.509 certificates in your browser. Shows subject, issuer, validity, SANs, serial number and key details.

.htpasswd Generator

Generate Apache/Nginx .htpasswd password file entries using Bcrypt, SHA-1 or plain text — entirely in your browser.

AES Encrypt / Decrypt

AES-256-GCM encryption and decryption with password-based key derivation (PBKDF2)

CRC32 Generator

Calculate CRC32 checksums for any input text in hex, decimal and binary

Secret Key Generator

Generate secure secret keys for Django, Flask, JWT, API keys, URL-safe and passwords

Bcrypt Hash Generator

Generate and verify bcrypt password hashes in your browser — configurable salt rounds (4–14). Uses bcryptjs, nothing leaves your device.

HMAC Generator

Generate HMAC-SHA256 message authentication codes — paste a message and secret key to produce a hex digest for API signing and integrity checks.

All categoriesOther categories
Formatters33Converters64Encoders & Decoders8UI Tools12Diagrams7Text & String11Numbers & Dates5Image & Media6Web & SEO6Developer Tools12DevOps & Network3Form Generators6Validators1

About Security

This collection covers hashing, symmetric and asymmetric encryption, token inspection, password tools and more. All 15 tools run 100% client-side — no server round-trips, no uploads, no account required. Cryptographic operations use the browser's built-in WebCrypto API or battle-tested WASM libraries for maximum accuracy.

Features

  • ✓SHA-256, SHA-512, SHA-1, MD5, SHA-3 and RIPEMD-160 hash generators
  • ✓Bcrypt hash generator and verifier with configurable cost factor
  • ✓AES-256 encryption and decryption with CBC and GCM modes
  • ✓JWT decoder — inspect header, payload and signature without a key
  • ✓JWT generator — create signed tokens with HS256, RS256 and ES256
  • ✓RSA key pair generator — 1024, 2048 and 4096-bit keys in PEM format
  • ✓Ed25519 and RSA SSH key pair generator — output in OpenSSH authorized_keys format
  • ✓X.509 certificate decoder — inspect subject, issuer, SANs and validity dates from PEM
  • ✓TOTP / Google Authenticator code generator with live countdown timer
  • ✓.htpasswd file generator using Bcrypt, SHA-1 and SHA-256-crypt algorithms
  • ✓HMAC generator with SHA-256, SHA-512 and MD5 digest options
  • ✓CRC32 checksum generator for file integrity verification
  • ✓Password generator with configurable length, symbols and entropy display
  • ✓Django / Flask / JWT / API secret key generator — cryptographically secure random strings
  • ✓Everything runs 100% in your browser — your data never leaves your device

Common Use Cases

  • Generate a SHA-256 hash of a password or file checksum for integrity verification
  • Hash passwords with Bcrypt before storing in a database
  • Encrypt sensitive configuration values with AES-256 before committing
  • Decode a JWT token to inspect claims, expiry and algorithm without a library
  • Generate an Ed25519 SSH key pair for server authentication or GitHub access
  • Decode an SSL/TLS certificate PEM to check expiry, SANs and issuer chain
  • Generate a TOTP 2FA code to test authenticator app integration
  • Create an Apache .htpasswd file entry with Bcrypt for basic auth protection
  • Create HMAC signatures for webhook verification or API request signing
  • Generate a secure random password with high entropy for a new account
  • Compute a CRC32 checksum to verify downloaded file integrity

Frequently Asked Questions

QIs my data sent to a server?

No. All cryptographic operations run in your browser using the WebCrypto API or WASM libraries. Nothing you enter is ever transmitted.

QCan I use these tools for production secrets?

Yes — the algorithms are standard (SHA-256, AES-256-GCM, RSA-2048) and the implementations use the browser's native WebCrypto API. Always review security-critical decisions with a qualified engineer.

QCan the JWT decoder verify a signature?

The JWT decoder decodes and displays header and payload without verifying the signature. Use the JWT generator to create signed tokens with HS256, RS256 or ES256.

QWhat is Bcrypt and when should I use it?

Bcrypt is a password-hashing function designed to be slow, making brute-force attacks expensive. Use it whenever you need to store user passwords — never store plain-text or MD5/SHA passwords.

QWhat SSH key types does the generator support?

The SSH key generator supports Ed25519 (recommended for modern security) and RSA 2048/4096-bit keys. Ed25519 keys are smaller, faster and more secure than RSA. The public key is output in authorized_keys format ready to paste into your server.

QWhat does the X.509 certificate decoder show?

It decodes PEM certificates entirely in your browser and displays the subject, issuer, serial number, validity dates (with expiry warning), Subject Alternative Names (SANs), public key type and whether the certificate is a CA.

See Also

  • Crypto Hash GeneratorSHA-256, SHA-512, MD5, SHA-1, SHA-3 and RIPEMD-160 hash functions
  • JWT DecoderDecode and inspect JWT tokens — header, payload and signature
  • JWT GeneratorCreate signed JWT tokens with HS256, RS256 and ES256
  • AES EncryptionEncrypt and decrypt data with AES-256 CBC and GCM modes
  • SSH Key GeneratorGenerate Ed25519 and RSA SSH key pairs in OpenSSH format
  • X.509 Certificate DecoderDecode PEM certificates — subject, issuer, SANs and validity
  • TOTP GeneratorGenerate RFC 6238 TOTP codes compatible with Google Authenticator
  • Password GeneratorGenerate secure random passwords with configurable entropy
  • Base64 Encoder / DecoderBase64, URL, HTML entities, binary and hex encoding
189+ tools·and growing
100% private·nothing uploaded
Zero signup·open instantly
Always free·no paywalls ever
Alpha DevTools logoAlpha DevTools

Fast, free developer utilities for daily tasks. No signup required. Everything runs in your browser.

GitHubTwitter

Categories

  • Formatters
  • Converters
  • Security
  • Encoders & Decoders
  • UI Tools
  • Diagrams
  • Text & String
  • All categories

Technologies

  • JSON
  • YAML
  • CSV
  • XML
  • SQL
  • HTML
  • CSS
  • All technologies

Popular Tools

  • JSON Formatter
  • UUID Generator
  • JWT Decoder
  • Regex Tester
  • SQL Formatter
  • YAML Formatter

Platform

  • Home
  • All Tools
  • By Technology
  • Licenses
  • Contact

© 2026 Alpha DevTools — All rights reserved.

189+ tools · 14 categories · Free forever·Open-source licenses