Security and compliance

CPF Validator and Generator

Q: How does the CPF check digit calculation work?

CPF digits are calculated with decreasing weights and modulo 11. If the remainder is less than 2, the digit becomes 0; otherwise, subtract from 11. The calculated digits must match the provided ones.

Q: Can I use generated CPFs in production?

Generated CPFs are exclusive for tests and staging. Using them in production may constitute fraud and violates LGPD.

Q: How to integrate CPF validation into my form?

Implement the check digit algorithm on frontend and backend or use a validation API to block invalid CPFs in forms.

Q: Is a mathematically valid CPF the same as an active CPF?

Numerical validation only checks the structure. The active or suspended status of the CPF depends on direct consultation with the Federal Revenue.

Q: What other tools strengthen registration compliance?

Also use tools like CNPJ Validator, Secure Password Generator, and Income Tax Calculator to strengthen registration compliance.

Automatically validate CPFs, generate structured numbers for testing, and keep registrations compliant with the law. All without storing sensitive data.

Immediate benefits

• Block registrations with invalid CPFs in forms.
• Generate reliable fictitious data for QA environments.
• Educate teams about the official Federal Revenue algorithm.

Related tools

Explore o CNPJ Validator e o Secure Password Generator para completar o ecossistema de compliance.

What is CPF?

The Individual Taxpayer Registry (CPF) is the record maintained by the Federal Revenue Service that identifies Brazilian citizens and residents with tax obligations. The number has 11 digits: nine identifiers and two check digits responsible for validating the document's integrity.

Every relevant financial transaction — opening an account, obtaining credit, filing an Income Tax return — requires a valid CPF. Ensuring the provided document is legitimate prevents fraud and rework.

How is CPF calculation done?

CPF numerical validation follows three main steps: multiplication by weights, application of modulo 11, and comparison with the provided digits. Weights range from 10 to 2 in the first round and from 11 to 2 in the second, incorporating the first calculated check digit.

Step	Description	Example (123.456.789-09)
1st check digit	Multiplies the 9 digits by weights from 10 to 2, sums and applies modulo 11.	Remainder 9 → 11 - 9 = 2 (since >= 2, becomes 2).
2nd check digit	Repeats the process with weights from 11 to 2 and includes the first check digit.	Remainder 11 → 11 - 11 = 0 (final result 0).
Final validation	Compares the calculated digits with the two provided digits.	Since 2 and 0 match, the CPF is valid.

Our calculator automates the entire process, ensuring consistency with the official algorithm and enabling quick audits on large databases.

Best practices for product teams

Validate CPF on the frontend to reduce friction and repeat the check on the backend before saving the record.
Store only masked CPFs on administrative screens, protecting sensitive data.
Configure test suites with CPFs generated by this tool, avoiding real information during staging.
Combine with the {validadorCnpj} to validate partner company registrations.

Validation vs. registration status

Although the algorithm identifies mathematically legitimate CPFs, the registration status — active, suspended, canceled — can only be checked at the Federal Revenue. For secure onboarding, use this validation as an initial filter and, if necessary, integrate official services to verify fiscal status.

Frequently asked questions about CPF

Click on topics to clarify doubts about validation, generation and security best practices.

How does the CPF check digit calculation work?+

The algorithm applies decreasing weights to the first nine digits and performs two rounds of calculation. The weighted sum of each round goes through modulo 11: if the remainder is less than 2, the check digit becomes 0; otherwise, subtract the value from 11. The generated digits must match the provided ones. Our tool replicates the same Federal Revenue rules, discards CPFs with all identical numbers, and ensures consistent validations for back offices, ERPs, and financial applications.

Can I use generated CPFs in production?+

No. The generated numbers are mathematically valid but random, and should only be used in tests, staging, and QA environments. Using fictitious CPFs in production may constitute fraud or non-compliance with LGPD (Brazilian Data Protection Law).

How to integrate CPF validation into my form?+

Implement the check digit algorithm on the frontend to improve experience and repeat the check on the backend before persisting the data. It's also possible to consume a dedicated API and reject registrations with invalid CPFs, avoiding inconsistencies in the database.

Is a mathematically valid CPF the same as an active CPF?+

No. Our check only evaluates the numerical structure. The registration status (active, suspended, canceled) can only be checked directly with the Federal Revenue with a digital certificate or through authorized services. Use numerical validation as the first security barrier.

What other tools strengthen registration compliance?+

Combine this validator with the {validadorCnpj} for companies, the {geradorSenhas} for security policies, and the {impostoRenda} when crossing financial data during onboarding.