JSON Canonicalizer (RFC 8785)
Canonicalize JSON per RFC 8785 (JCS) and generate SHA-256/SHA-384/SHA-512 hashes. Sort object keys by UTF-16 code unit order for deterministic digital signatures and HMAC verification.
Last updated:
How to Use
Expand how to useCollapse how to use
- 1
Enter JSON
Type or paste the JSON data you want to canonicalize into the text area.
- 2
Review Results
The canonicalized JSON (RFC 8785) and SHA-256/SHA-384/SHA-512 hashes are displayed automatically.
- 3
Copy Results
Click the copy button next to the canonicalized result or hash values to copy them to your clipboard.
JSON Input
About JSON Canonicalizer
JSON Canonicalizer normalizes JSON data according to RFC 8785 (JSON Canonicalization Scheme) — sorting object keys by UTF-16 code unit order, stripping whitespace, and normalizing numbers to produce byte-identical output from semantically equivalent data. Canonical JSON is the prerequisite for deterministic digital signatures: JWS (JSON Web Signature), webhook HMAC verification, and distributed system integrity checks all depend on the same bytes being hashed regardless of key insertion order or whitespace differences. SHA-256, SHA-384, and SHA-512 hashes are computed alongside so you can cross-check signatures or cache keys without leaving your browser.
Key Features
- RFC 8785 (JCS) compliant JSON canonicalization
- Object key sorting by UTF-16 code unit order
- Simultaneous SHA-256/SHA-384/SHA-512 hash generation
- JSON syntax error display with line numbers
- Individual copy buttons for canonicalized result and hash values
Use Cases
- Generate a canonical form of a JWS (JSON Web Signature) payload to verify that your signing implementation matches the RFC 8785 spec
- Debug webhook HMAC signature mismatches caused by different JSON key ordering between the sender and receiver
- Compute a deterministic SHA-256 cache key for a JSON configuration object that may be serialized with different key orders by different runtimes
- Verify that two JSON objects from different services are semantically identical by comparing their canonical hashes
- Produce canonical JSON for audit log entries that must be tamper-evident and independently verifiable
FAQ
What is RFC 8785 (JCS)?
RFC 8785 defines the JSON Canonicalization Scheme (JCS), a standard for normalizing JSON data. It specifies rules for producing identical byte sequences from the same data, making it suitable for digital signatures and hash comparisons.
How does this differ from JSON.stringify()?
JSON.stringify() depends on V8's insertion order for object keys and varies whitespace based on arguments — two logically identical objects serialized by different services or runtimes will produce different byte sequences and different HMAC signatures. RFC 8785 sorts keys by UTF-16 code unit order, removes all whitespace, and normalizes number representation to guarantee byte-identical output regardless of origin.
Why only SHA-256/SHA-384/SHA-512?
Since canonical JSON hashes are used for tamper detection and digital signatures, only the cryptographically secure SHA-2 family is supported. MD5 and SHA-1 are vulnerable to collision attacks and are unsuitable for this use case.
Is my input data sent to a server?
No. Canonicalization and hashing use the browser's Web Crypto API locally. JSON payloads containing private keys, webhook secrets, or sensitive configuration are never transmitted.