Skip to main content
Back to Dev generators

Dev

Fake JWK Generator

Used by developers, writers, and creators worldwide.

A fake JWK generator produces a JSON Web Key object in valid structure for testing JWT verification, JWKS endpoints, and key-handling code. A JWK describes a cryptographic key as JSON, and when you build auth code that fetches and parses keys, you need a realistically-shaped JWK without standing up a real key infrastructure. This tool emits a well-formed RSA JWK with the standard fields — kty, use, alg, kid, n, and e — populated with random base64url values. Choose the key use (signature or encryption) and generate. It is ideal for developers testing OAuth, OpenID Connect, and JWKS parsing. The key is structurally valid but cryptographically fake — the modulus is random, not a real key — so it is perfect for testing how your code parses and routes a JWK, but it cannot verify or decrypt real tokens. Never use it as an actual key.

Loading usage…

Free forever — no account required

How to use

  1. Choose your options above
  2. Click Generate
  3. Copy your result

Detailed instructions

  1. Choose the key use — signature or encryption.
  2. Click Generate to produce a fake JWK object.
  3. Copy the JSON into your test fixtures.
  4. Use it to test parsing, never real crypto.

Use Cases

  • Testing a JWKS endpoint parser
  • Mock keys for JWT verification code
  • Fixtures for OAuth and OIDC testing
  • Exercising key-rotation handling logic
  • Demoing a key-management UI

Tips

  • This is for parsing tests only — it is not a real key.
  • Match kid handling to your real JWKS logic.
  • Wrap it in a "keys" array to mock a JWKS response.
  • Never use a fake JWK for actual verification.

FAQ

is this a real cryptographic key

No — it is structurally valid JSON in the JWK format, but the modulus and key material are random, not a real key pair. It cannot sign, verify, encrypt, or decrypt anything. Use it only to test how your code parses and handles a JWK.

what is a jwk

A JWK (JSON Web Key) represents a cryptographic key as a JSON object with fields like kty (key type), use, alg, kid (key ID), and the key parameters. JWKS endpoints serve sets of these so clients can verify JWTs.

what can i test with a fake jwk

Anything that parses or routes a JWK without performing real crypto — JWKS fetching and caching, key-ID matching, key-rotation handling, and UI display. For actual signature verification you need a real key pair, not a fake one.