SD-JWT generator
Issue a demo RFC 9901 SD-JWT: your claims, your choice of what's selectively disclosable, signed with a fresh throwaway ES256 key. Then take it apart in the debugger.
Requests are processed in memory on our server by the open-source PHP packages this site documents — nothing is stored, and request bodies are never logged.
Result
What you get
The claims you mark disclosable leave the signed payload — only their salted digests stay
in _sd; the values travel as separate disclosures after the ~
separators. The response includes the issuer's public key (PEM and JWK) so you can verify
the token — in the SD-JWT debugger or in code — and the private
key so nothing about the demo is hidden. The keys are generated per request and never stored;
don't reuse them for anything real.
Do it in PHP
use K2gl\SdJwt\Jws\JwsSigner;
use K2gl\SdJwt\Sd;
use K2gl\SdJwt\SdJwtIssuer;
$sdJwt = new SdJwtIssuer(JwsSigner::es256FromPem($issuerPrivatePem))->issue([
'iss' => 'https://issuer.example.com',
'sub' => 'user_42',
'given_name' => Sd::hide('John'), // selectively disclosable
'family_name' => Sd::hide('Doe'),
]);
echo $sdJwt->toCompact();
Powered by k2gl/sd-jwt; for issuing verifiable credentials
(dc+sd-jwt) on top, see k2gl/sd-jwt-vc.