Post-Quantum JWT Playground
New here? Read How to use this playground — a short walkthrough of building, validating, and breaking a token.
01 Build a token
Share link restores these claims & options — never keys. Whoever opens it gets a fresh server-side key set of their own.
02 Validate a token
Validates against this session's demo keys. Fail-closed: anything wrong is rejected with a reason.
03 Break it
Each button starts from a freshly-built valid token, tampers with it, then runs it through the same validator. Fail-closed means every one is rejected — with a specific reason. This is the library's core promise, made visible.
04 Session keys
Generated server-side and held in memory. Private keys never reach the browser. Regenerating invalidates tokens built with the old keys.
ML-DSA-65 verification (public)
X-Wing recipient (public, 1216 B)
playground-key-1
05 What this protects against
ML-DSA-65 over header+payload. Edit any claim and the signature no longer verifies.
The validator accepts one suite and never trusts the token's own alg. No alg: none path exists.
Hybrid X-Wing: an attacker must break both X25519 and ML-KEM-768 to recover an encrypted payload.
exp is required; nbf enforced; optional jti replay cache rejects reuse.
Strict canonical base64url (RFC 7515): no slack bits, no whitespace — one string per token. Every malformed input fails closed.
Non-IANA identifiers mean these tokens are deliberately non-interoperable with standard JWT stacks.
Preview software; the construction has not had an independent third-party audit.
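The pinned-suite and strict base64url rules above can be sketched as follows. This is an added example, not the library's own code: `PINNED_ALG`, `TokenRejected` and the function names are hypothetical, the sample token is constructed, and ML-DSA-65 signature verification is left out.

```python
import base64
import json
import re

PINNED_ALG = "ML-DSA-65"  # assumption: stand-in for the one suite the verifier accepts
_B64URL = re.compile(r"[A-Za-z0-9_-]+\Z")  # no '=', no whitespace, no '+' or '/'

class TokenRejected(Exception):
    """Carries the specific reason; a bad token never yields claims."""

def b64url_decode_strict(segment: str) -> bytes:
    # \Z (not $) so a trailing newline is rejected too; empty segments also fail.
    if not _B64URL.match(segment):
        raise TokenRejected("empty segment, padding, whitespace or bad character")
    if len(segment) % 4 == 1:
        raise TokenRejected("impossible length for unpadded base64url")
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    # Canonical form: re-encoding must reproduce the input exactly. A last
    # character with non-zero slack bits decodes to the same bytes but fails here.
    if base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii") != segment:
        raise TokenRejected("non-canonical encoding (slack bits set)")
    return raw

def parse_header_payload(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("expected exactly three segments")
    header_raw, payload_raw, _sig = (b64url_decode_strict(p) for p in parts)
    try:
        header, payload = json.loads(header_raw), json.loads(payload_raw)
    except ValueError:
        raise TokenRejected("header or payload is not valid JSON")
    # Verifier configuration chooses the algorithm; the header may only agree.
    if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
        raise TokenRejected("alg does not match the pinned suite")
    return header, payload

def rejection_reason(token: str):
    """Return None if the token passes the structural checks, else the reason."""
    try:
        parse_header_payload(token)
    except TokenRejected as exc:
        return str(exc)
    return None

def _enc(obj) -> str:  # helper for the constructed sample only
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

SAMPLE = ".".join([_enc({"alg": PINNED_ALG}), _enc({"sub": "demo", "exp": 1900000000}), "c2ln"])
```

Because each byte string has exactly one accepted encoding, two different token strings can never decode to the same signed content.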
06 Classic vs hybrid vs pure PQC
Honest properties, not benchmarks. One clarification first: on signatures,
this library is already pure post-quantum — ML-DSA-65, with no classical
co-signature. The hybrid is only in the optional encryption
(X-Wing = X25519 + ML-KEM-768). So the “pure PQC” column below differs from
this library only by dropping that classical encryption hedge.
| Property | Classic JWT (RS256 / ES256 / EdDSA) | This library (ML-DSA-65 + X-Wing) | Pure PQC (PQ sig + ML-KEM only) |
|---|---|---|---|
| Signature vs a quantum computer | Broken by Shor's algorithm on a future CRQC | ML-DSA-65 (NIST FIPS 204) — lattice-based, not Shor-breakable | Also a PQ signature (e.g. ML-DSA) |
| Encrypted-payload confidentiality vs harvest-now-decrypt-later | Classical KEM (RSA / ECDH) — harvestable now, decryptable once a CRQC exists | Hybrid X-Wing: an attacker must break both X25519 and ML-KEM-768 | PQ-only KEM: no classical fallback if the PQ scheme is later weakened |
| Token size | Small (~0.2–0.5 KB) | Large (~4.6 KB signed, ~7.8 KB encrypted) — PQ signatures & KEM material are big | Large — same PQ size pressure |
| Interop & standards | Broad; IANA-registered, validates in any JWT stack | ML-DSA-65 & A256GCM registered; the X-Wing JOSE profile is not → won't interop | ML-DSA-for-JOSE registered; KEM-in-JWE profiles still emerging |
| Maturity | Decades of deployment & review | Preview, unaudited; controlled issuer/verifier systems only | Young PQ-JOSE ecosystem across the board |
CRQC = cryptographically-relevant quantum computer. Sizes are representative, not measured here (the live token's exact size is shown when you build one above).