Crypto & Generators Tools — 11 Free Online Crypto & Generators Utilities
Cryptographic utilities you can trust because the code never leaves your browser. Generate UUIDs, hashes (MD5, SHA-1, SHA-256, SHA-512, HMAC), strong passwords; encrypt/decrypt with AES (ECB, CBC, CTR, GCM) or RSA-OAEP; debug, sign, and encode JWT tokens; and convert Unix timestamps.
All Crypto & Generators tools
UUID Generator
Generate cryptographically random UUID v4 identifiers.
Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-512, and HMAC hashes.
SHA-256 Generator
Quick SHA-256 hash using the Web Crypto API.
AES Encryption
Encrypt and decrypt data with AES (ECB, CBC, CTR, GCM).
RSA Encryption
Generate RSA key pairs and encrypt/decrypt with RSA-OAEP.
JWT Debugger
Decode and inspect JWT tokens without a secret.
Timestamp Converter
Convert Unix timestamps to dates and vice versa.
Password Generator
Generate strong, cryptographically random passwords.
JWT Generator
Sign JWT tokens with HS256 or HS512 and a custom payload.
JWT Encoder / Decoder
Encode JWT parts from header+payload, or decode any JWT.
TOTP Generator
Generate live 2FA codes from a TOTP secret with QR code for easy setup.
Frequently asked questions
- Is it safe to use these crypto tools for real secrets?
- Cryptography runs entirely in your browser using the Web Crypto API or vetted libraries like node-forge — nothing is transmitted to a server. That said, for high-value secrets we recommend a desktop tool like OpenSSL run in an air-gapped environment.
- Which UUID version is generated?
- UUID version 4 (RFC 4122) using the browser's crypto.randomUUID() API, which derives entropy from the operating system's CSPRNG.
- What's the difference between AES-CBC, AES-CTR, and AES-GCM?
- CBC is a classic block cipher mode requiring an IV and proper padding. CTR turns AES into a stream cipher with an IV. GCM is authenticated encryption — it provides both confidentiality and integrity, which is what you usually want for new code.
- Can the JWT Debugger verify a token's signature?
- The JWT Debugger decodes the header and payload without a secret. To verify or sign HS256/HS512 tokens, use the JWT Generator with the matching secret.
- Does the Password Generator use real cryptographic randomness?
- Yes. It uses crypto.getRandomValues() from the Web Crypto API, the same CSPRNG browsers use for TLS and WebAuthn.
- Are SHA-1 and MD5 still safe?
- Neither is safe for security-critical applications anymore — both have practical collision attacks. They remain useful for checksums and non-security uses (cache busting, file deduplication). For security, use SHA-256 or SHA-512.