How do I decode a Base64 string online?

Paste your Base64 string into SmartDevBox at smartdevbox.com. It automatically detects Base64 encoding and decodes it instantly — no configuration needed.

How do I decode a JWT token without a secret?

Paste your JWT token into SmartDevBox. The JWT Inspector tool decodes the header and payload and displays them as readable JSON. Note: this decodes but does not verify the signature — you don't need the secret to read the claims.

How do I format or pretty-print JSON?

Paste your minified or unformatted JSON into SmartDevBox. The JSON Formatter tool detects it automatically and pretty-prints it with configurable indentation.

How do I convert a Unix timestamp to a human-readable date?

Paste a Unix timestamp (e.g. 1700000000) into SmartDevBox. The Unix Timestamp converter detects it and shows the equivalent date and time in UTC and your local timezone.

How do I convert JSON to CSV?

Paste a JSON array of objects into SmartDevBox and select the JSON → CSV tool. It converts your data to comma-separated format with headers derived from the JSON keys.

How do I compute a SHA-256 hash online?

Use the Hash Generator tool on SmartDevBox. Paste any text and it computes MD5, SHA-1, SHA-256, and SHA-512 hashes simultaneously in the browser.

How do I parse and understand a cron expression?

Paste your cron expression (e.g. "0 9 * * 1-5") into SmartDevBox. The Cron Job Parser explains it in plain English and shows the next scheduled run times.

Is SmartDevBox free to use?

Yes. SmartDevBox is completely free with no account or sign-up required. All tools run in the browser. An optional AI mode (for ambiguous input detection) can be enabled with your own OpenAI API key.

Does SmartDevBox send my data to a server?

No. All tools run entirely in the browser using client-side JavaScript. Your data never leaves your machine unless you opt into the AI mode, which sends input to OpenAI for format detection.

What is the best free online JSON formatter?

SmartDevBox automatically detects JSON when you paste it and formats it with configurable indentation. It also validates JSON and reports syntax errors with precise line and column numbers — all in the browser, free, with no account required.

What is the best free online Base64 decoder?

SmartDevBox auto-detects Base64 strings — including standard and URL-safe variants, with or without padding — and decodes them instantly on paste. No button to click, no tool to select.

How do I compare two JSON objects online?

Use the Split & Diff tool in SmartDevBox. Paste the first JSON in the left pane and the second in the right pane. Changes are highlighted line-by-line in real time.

Can I add my own tools to SmartDevBox?

Yes. SmartDevBox has a plugin system that lets developers register custom tools by providing a name, a detector function (returns a confidence score 0–1), and a transformer function. Custom tools appear in the sidebar alongside the 91 built-in tools and participate in auto-detection.

Does SmartDevBox work offline?

SmartDevBox is a Progressive Web App (PWA). All 91 tools run entirely client-side with no server dependency. Once the page is loaded, the tools work without an internet connection. AI mode requires connectivity.

What is the difference between DER, PEM, and PFX/PKCS#12?

DER (Distinguished Encoding Rules) is the binary encoding of the certificate. PEM (Privacy-Enhanced Mail) is DER encoded as Base64 with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- headers — the most common format for sharing certificates. PFX/PKCS#12 bundles the certificate, intermediate chain, and private key into a single binary file, protected by a password — commonly used for importing/exporting in Windows and Java.

Glossary

What Is an X.509 Certificate?

Q: How do I decode an X.509 certificate online?

Paste a PEM-encoded certificate (beginning with -----BEGIN CERTIFICATE-----) into SmartDevBox. The Certificate Decoder extracts and displays the subject, issuer, validity dates, public key, and extensions.

An X.509 certificate is a digital document that proves a public key belongs to a named entity — a domain, an organisation, or a person. A trusted Certificate Authority (CA) signs the certificate with its own private key, creating a verifiable chain of trust that underlies every HTTPS connection on the web.

The One-Line Definition

An X.509 certificate is a digitally signed data structure that binds a public key to a subject name, enabling a verifier to trust the key without knowing the subject directly. Defined in RFC 5280.

Certificate Fields

SubjectThe entity the certificate belongs to. For TLS: Common Name (CN) = domain name; Organisation (O), Country (C) for EV certificates.

IssuerThe CA that signed this certificate. For self-signed certs, Issuer == Subject.

ValidityNot Before and Not After dates — the window during which the certificate is valid. TLS certificates now max out at 398 days.

Public KeyThe algorithm (RSA 2048-bit, ECDSA P-256, etc.) and the public key value. Corresponds to the private key held by the certificate owner.

Serial NumberA unique integer assigned by the CA. Used in Certificate Revocation Lists (CRLs) to identify revoked certificates.

Signature AlgorithmThe hash + encryption algorithm used by the CA to sign this certificate. Modern certs use SHA-256 with RSA or ECDSA.

ExtensionsOptional fields defined in RFC 5280. Key ones: Subject Alternative Name (SAN — additional hostnames/IPs), Key Usage, Extended Key Usage (TLS server auth, code signing), Basic Constraints (is this a CA?).

The Chain of Trust

TLS certificates form a chain, not a single link:

1Root CA — A self-signed certificate pre-installed in your OS/browser trust store. DigiCert, Let's Encrypt ISRG Root X1, etc.
2Intermediate CA — Signed by the root CA, kept online to issue end-entity certs. Isolates the root from daily operations.
3End-entity certificate — Your domain's certificate, signed by an intermediate CA. Presented to browsers during TLS handshake.

A browser verifies the chain by checking each certificate's signature against the issuer's public key, all the way up to a trusted root.

PEM vs DER vs PFX

PEMBase64-encoded DER with -----BEGIN CERTIFICATE----- header. Plain text; easy to copy/paste. Most common format for sharing certs on Linux/macOS.

DERBinary ASN.1 encoding of the certificate. Compact; used by Java KeyStore and Windows CertMgr internally.

PFX / PKCS#12Binary bundle containing the certificate, intermediate chain, and private key — password-protected. Common for IIS, Windows, Java key import/export.

Decode a Certificate Now

Paste a PEM certificate (starting with -----BEGIN CERTIFICATE-----) into SmartDevBox. It is auto-detected and all fields are displayed. Open the Certificate Decoder →

Frequently Asked Questions

What is a Certificate Authority (CA)?

A trusted organisation that issues and signs X.509 certificates. Browsers ship with a list of trusted root CAs. When a CA signs your certificate, browsers trust that your public key belongs to your domain.

What is the difference between DER, PEM, and PFX?

DER is binary. PEM is DER Base64-encoded with -----BEGIN/END----- headers — most common for Linux. PFX/PKCS#12 bundles cert + private key in a password-protected binary — common for Windows.

How do I decode an X.509 certificate online?

Paste a PEM certificate into SmartDevBox. It auto-detects the format and shows subject, issuer, validity, public key, and extensions — all client-side.

Certificate Decoder →Auto-detects PEM certificates and displays all fields.

What Is a Hash Function? →Certificate signatures use SHA-256 or SHA-384 hashing.

What Is Base64? →PEM is a Base64 encoding of the DER binary certificate.