Tools / Security / Vol II

STIR/SHAKEN Identity Decoder

Paste a SIP Identity header and get an annotated PASSporT view — attestation level (A / B / C), origination and destination claims, iat freshness, and the JWS header / signature breakdown. Built for the telecom-specific claims that generic JWT decoders don’t understand.

Everything runs in your browser. The text you paste is never sent to any server — no network requests, no analytics on input content, no logging. Safe to use on real production traces.

About SIP Identity headers

The Identity header (defined in RFC 8224) carries a JSON Web Signature whose payload is a PASSporT (Personal Assertion Token, RFC 8225). STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs) is the FCC-mandated framework for combating illegal robocalling — every U.S. originating carrier signs outbound calls with an attestation about the caller’s right to use the originating TN.

STIR/SHAKEN gets a chapter-length treatment in Securing VoIP at Every Layer — including how to read signed Identity headers in a real call trace, validate attestation chains, and design a compliance posture that holds up under FCC audit.