HS512 JWT Algorithm
HS512 uses SHA-512 to produce a 512-bit HMAC signature — the strongest and largest of the three HMAC-family JWT algorithms. Same symmetric trust model as HS256 and HS384, but with maximum hash output size and corresponding key length requirements.
Key Requirements
A shared secret of at least 512 bits (64 bytes) is recommended for SHA-512-tier security. Generate one with:
  node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
JWT Header
Every JWT using HS512 has this header (base64url-encoded as the first segment):
{
  "alg": "HS512",
  "typ": "JWT"
}
Code Examples
Node.js — Sign (jose library)
import { SignJWT } from 'jose'
// Shared HMAC secret as raw bytes; JWT_SECRET should hold 64+ bytes
const secret = new TextEncoder().encode(process.env.JWT_SECRET)
export async function signToken(payload: Record<string, unknown>) {
  return new SignJWT(payload)
    .setProtectedHeader({ alg: 'HS512' })
    .setIssuedAt()
    .setExpirationTime('2h') // token expires two hours after issuance
    .sign(secret)
}
Node.js — Verify (jose library)
import { jwtVerify } from 'jose'
// Same shared secret that was used for signing
const secret = new TextEncoder().encode(process.env.JWT_SECRET)
export async function verifyToken(token: string) {
  const { payload } = await jwtVerify(token, secret, {
    // Accept HS512 only, so the token's header cannot select another algorithm
    algorithms: ['HS512'],
  })
  return payload
}
Python — PyJWT
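import jwt
# Placeholder value: load a randomly generated secret of 64+ bytes instead
SECRET = "your-512-bit-secret"
token = jwt.encode({"sub": "1234567890"}, SECRET, algorithm="HS512")
# Restrict verification to HS512 via the algorithms list
payload = jwt.decode(token, SECRET, algorithms=["HS512"])
When to Use HS512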
When maximum symmetric security margin is needed, or when a compliance policy mandates SHA-512 hashing. The performance overhead vs. HS256 is negligible at normal token volumes. For most applications, HS256 with a properly-generated 32-byte key is indistinguishable from HS512 in real-world security.
Security Considerations
The longer token size (base64url-encoded signatures are 86 chars vs 43 for HS256) can increase cookie and header sizes. Token size is rarely a concern but worth noting for constrained environments.
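The following added example, which is not part of the original page and does not use jose or PyJWT, builds and checks an HS512 token with only the Python standard library to show the header segment, the 86-character signature, the 64-byte key floor and the algorithm pinning described above. The function names and `MIN_KEY_BYTES` are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json

MIN_KEY_BYTES = 64  # assumed constant: the 512-bit minimum this page recommends


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def check_key(key: bytes) -> None:
    if len(key) < MIN_KEY_BYTES:
        raise ValueError(f"HS512 key is {len(key)} bytes, need >= {MIN_KEY_BYTES}")


def hmac_sha512(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha512).digest()


def sign_hs512(claims: dict, key: bytes) -> str:
    check_key(key)
    header = {"alg": "HS512", "typ": "JWT"}
    segments = [b64url(json.dumps(part, separators=(",", ":")).encode())
                for part in (header, claims)]
    signing_input = ".".join(segments)
    return signing_input + "." + b64url(hmac_sha512(key, signing_input))


def verify_hs512(token: str, key: bytes) -> dict:
    check_key(key)
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token's own header must not pick the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS512":
        raise ValueError("token is not HS512")
    expected = hmac_sha512(key, f"{header_b64}.{claims_b64}")
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("signature mismatch")
    # Signature is valid; claim checks (exp, nbf, aud) are not performed here.
    return json.loads(b64url_decode(claims_b64))
```

Both functions raise `ValueError` for a key under 64 bytes, so a password-length secret fails at the call site instead of producing a weakly keyed token.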
Related Algorithms
Standardised in RFC 7518 §3.2 — JSON Web Algorithms (JWA).
Frequently Asked Questions
Can I verify an HMAC JWT without knowing the secret?
No. HMAC-family algorithms (HS256, HS384, HS512) are symmetric — the same secret is used to both sign and verify. Without the secret, you can decode the header and payload (they're just base64url-encoded) but cannot verify the signature's authenticity.
How long should my HMAC secret be?
At least as long as the hash output — 32 bytes (256 bits) for HS256, 48 bytes for HS384, 64 bytes for HS512. Generate with Node.js: require('crypto').randomBytes(32).toString('hex'). Never use passwords or guessable strings as JWT secrets.
When should I use HS256 vs RS256?
Use HS256 when all services that verify the token are in your trust boundary and can share the secret securely (e.g., a single backend service). Use RS256 when you need to share the public key with external services (OAuth resource servers, third-party clients) without sharing the signing secret.
