Dev
Fake JWK Generator
OAuth and OpenID Connect code that fetches and parses a JWKS endpoint is tedious to test without a real key infrastructure. Standing up an auth server just to get a JWK object is overkill for a unit test. This tool emits a structurally correct RSA JWK — with all the standard fields populated — so you can test your parsing, routing, and key-rotation logic in isolation. The key use input selects between sig (signature) and enc (encryption). A sig key sets alg to RS256; an enc key sets alg to RSA-OAEP-256. The output includes kty: "RSA", a random kid, a 342-character base64url modulus (n), and the standard public exponent e: "AQAB". The modulus is random bytes, not a real key pair, so the JWK is structurally valid but cryptographically meaningless — it cannot verify a signature or decrypt a payload. Wrap it in a {"keys": [...]} object to mock a JWKS endpoint response, and swap in a real key pair when you move to integration tests.
How to use
- Choose your options above
- Click Generate
- Copy your result
Detailed instructions
- Choose the key use — signature or encryption.
- Click Generate to produce a fake JWK object.
- Copy the JSON into your test fixtures.
- Use it to test parsing, never real crypto.
Use Cases
- •Testing a JWKS endpoint parser
- •Mock keys for JWT verification code
- •Fixtures for OAuth and OIDC testing
- •Exercising key-rotation handling logic
- •Demoing a key-management UI
Tips
- →This is for parsing tests only — it is not a real key.
- →Match kid handling to your real JWKS logic.
- →Wrap it in a "keys" array to mock a JWKS response.
- →Never use a fake JWK for actual verification.
FAQ
is this a real cryptographic key
No — it is structurally valid JSON in the JWK format, but the modulus and key material are random, not a real key pair. It cannot sign, verify, encrypt, or decrypt anything. Use it only to test how your code parses and handles a JWK.
what fields does the generated JWK include
The output includes kty (RSA), use (sig or enc), alg (RS256 or RSA-OAEP-256 depending on the selected use), a random kid, a 342-character random base64url modulus (n), and the standard public exponent AQAB (e). Private key fields (d, p, q) are not included.
what can I test with a fake JWK
Anything that parses or routes a JWK without performing real crypto — JWKS fetching and caching, key-ID matching, key-rotation handling, and UI display. For actual signature verification you need a real key pair, not a fake one.
You might also like
Popular tools from other categories that share themes with this one.
Try these next
More free tools from other corners of the catalog, picked by shared themes.