Features

🔐 Header Inspection

Decode protected header (alg, enc, kid)
Display all header claims
Identify token type and content type
Detect compression algorithm

📊 Structure Analysis

Validate 5-part JWE format
Show part sizes (header, key, IV, ciphertext, tag)
Detect direct key agreement (empty encrypted key)
Total token length summary

🔑 Algorithm Reference

Human-readable algorithm descriptions
Key management algorithm (alg) info
Content encryption algorithm (enc) info
Covers RSA-OAEP, AES-KW, ECDH-ES, GCM

JWE Reference Guide

JWE Compact Serialization

A JWE token in compact serialization consists of exactly 5 Base64url-encoded parts separated by dots:

BASE64URL(JWE Protected Header)
  . BASE64URL(JWE Encrypted Key)
  . BASE64URL(JWE Initialization Vector)
  . BASE64URL(JWE Ciphertext)
  . BASE64URL(JWE Authentication Tag)

Only the Protected Header is readable without the private key. The ciphertext (payload) remains encrypted.

Key Management Algorithms (alg)

alg	Description
`RSA-OAEP`	RSA-OAEP key wrapping
`RSA-OAEP-256`	RSA-OAEP with SHA-256
`A128KW / A256KW`	AES key wrapping
`dir`	Direct symmetric key (no encrypted key part)
`ECDH-ES`	Elliptic Curve Diffie-Hellman Ephemeral Static

Content Encryption Algorithms (enc)

enc	Description
`A128GCM`	AES-128-GCM (authenticated)
`A256GCM`	AES-256-GCM (authenticated)
`A128CBC-HS256`	AES-128-CBC + HMAC-SHA256
`A256CBC-HS512`	AES-256-CBC + HMAC-SHA512

Common Use Cases

OIDC / OAuth 2.0: ID tokens encrypted with the client's public key
API Security: Encrypt sensitive request/response payloads end-to-end
Healthcare (FHIR / SMART): Protect PHI in token payloads
Financial (FAPI): Encrypt authorization responses per FAPI 2.0
Debugging: Inspect which algorithm and key ID was used without decrypting

FAQ

Q: What is the difference between JWT and JWE?

A: JWT is a general term for JSON-based tokens. A JWS (JSON Web Signature) token is signed but readable; a JWE token is encrypted and its payload cannot be read without the private key. Both use the same compact dot-separated format but JWE has 5 parts while JWS has 3.

Q: Can this tool decrypt the payload?

A: No. Decryption requires your private key and should only happen server-side. This tool only decodes the unencrypted protected header and analyzes the token structure.

Q: Why is the Encrypted Key part empty for some tokens?

A: When the alg is dir (direct key agreement), no wrapped key is included. The content encryption key is used directly, so the encrypted key part is an empty string.

JWE Token Decoder