JWKS Generator

Generate a fresh signing key and the matching JWKS (JSON Web Key Set) entirely in your browser. Pick an algorithm, and the tool creates an RSA or EC key pair with the Web Crypto API, derives a stable kid from the RFC 7638 thumbprint, and gives you two things: the public JWKS to publish at your /.well-known/jwks.json endpoint, and the private JWK to keep secret and sign tokens with. The private key is generated locally and never leaves the page.

How to use the JWKS Generator

Choose a key type. RSA with RS256 is the most widely supported and the safe default for OIDC and most JWT libraries; EC keys (ES256/384/512) are smaller and faster if your verifier supports them; PS256 is RSA-PSS, a more modern RSA padding. Click Generate key and the tool produces a brand-new key pair locally.

Copy the public JWKS and serve it at your /.well-known/jwks.json (or your identity provider's keys endpoint) so verifiers can fetch the public key by its kid. Keep the private JWK secret — load it into your signing service to mint tokens. Both keys share the same kid, computed as the RFC 7638 thumbprint, so a verifier can match a token's header to the right key. Generate a new key whenever you rotate.

What is a JWKS

A JSON Web Key Set (JWKS) is a JSON document containing a list of public keys, each expressed as a JSON Web Key (JWK). It is the standard way an issuer publishes the keys used to verify its signed tokens. An OpenID Connect provider, for example, exposes a JWKS at a well-known URL; when a relying party receives a JWT, it reads the kid from the token header, looks up the matching key in the JWKS, and verifies the signature with it. This indirection is what makes key rotation possible without redeploying every verifier.

Each JWK is an object describing one key. The shared members are kty (key type — RSA or EC), use (sig for signing), alg (the algorithm, such as RS256 or ES256), and kid (the key identifier). An RSA public key adds the modulus n and exponent e; an EC public key adds the curve crv and coordinates x and y. A private JWK carries the additional secret parameters (d, and for RSA the prime factors), which must never be published.

The kid here is derived from the RFC 7638 JWK thumbprint: the key's required public members (for RSA: e, kty, n; for EC: crv, kty, x, y) are serialised as JSON with those members in lexicographic order and no whitespace, hashed with SHA-256, and base64url-encoded. Optional members such as alg, use and kid do not enter the hash. Because the thumbprint is computed deterministically from the public key material, the same key always produces the same kid, and two different keys effectively never collide, which makes it a stable identifier for rotation and caching.

Common use cases

  • Standing up an OIDC or JWT issuer. Generate the signing key and the JWKS to publish at your keys endpoint.
  • Key rotation. Mint a new key with a fresh kid and add it to your JWKS alongside the old one during a rollover.
  • Local development and testing. Create throwaway keys to sign and verify tokens without a full identity provider.
  • Learning the JWK format. See exactly how RSA and EC keys are represented and how the kid thumbprint is built.

Frequently asked questions

Is the private key sent anywhere?

No. The key pair is generated in your browser with the Web Crypto API and exported locally. Neither the private JWK nor the public JWKS is transmitted by the tool. That said, anything else with access to the page (browser extensions, other scripts, the clipboard you paste into) can read the exported private JWK, so treat any key generated in a browser as test-grade unless your threat model allows it. For high-value production keys, generate inside your HSM or signing service and export only the public JWK.

What is the kid and how is it computed?

The kid (key ID) lets a verifier pick the right key for a token. Here it is the RFC 7638 thumbprint: the key's required members are serialised as canonical JSON with sorted keys and no whitespace, hashed with SHA-256, and base64url-encoded. The same key always yields the same kid.

Which algorithm should I choose?

RS256 (RSA 2048) is the most broadly supported and a safe default for OIDC. EC algorithms (ES256/384/512) produce smaller keys and signatures and are faster, if your verifier supports them. PS256 is RSA with PSS padding — more modern than RS256 but slightly less universally supported.

How do I rotate keys with a JWKS?

Generate a new key and publish a JWKS that contains both the new and the old public keys first, before signing anything with the new key: verifiers cache the JWKS, and they need a chance to learn the new kid before they see tokens carrying it. Then switch your signing service to the new key (its kid goes in the token header). Once every token signed with the old key has expired and verifier caches have refreshed, remove the old key from the set. Throughout, verifiers fetch the JWKS and select the key by kid; a token whose kid is not in the set should be rejected, not trusted on the strength of its own header.

Can I put multiple keys in one JWKS?

Yes. A JWKS is a JSON object whose keys member is an array of JWKs, so during rotation it normally holds several. This tool emits one key per generation; combine the public JWK entries into a single keys array to serve them together, and make sure every entry has a distinct kid so verifiers can tell them apart.