PEM ↔ JWK Converter — Public Keys

Convert RSA/EC public PEM (SPKI) to JWK JSON and back. Private PKCS#8 input yields redacted public JWK only. Paste-only — no network.

Loading…
PEM ↔ JWK converter
Convert public keys locally. Private PEM never exports raw private JWK fields.

Developer notes

• Auto-detect PEM vs JSON. • Exported JWK omits alg (signing alg unknown from bare key). • PKCS#1 RSA private keys rejected — convert to PKCS#8 first. • Private JWK → PEM not supported in v1. • 512 KB limit.

Options

Direction
auto detects PEM headers vs JSON kty.
Sort keys
Stable JSON key order for diffs.
PEM label
SPKI PUBLIC KEY when exporting PEM from JWK.

When teams pick this route

• Build JWKS JSON from a PEM public key. • Export SPKI from a JWK for OpenSSL/config pipelines. • Pair with inspect-jwks for inventory.

Worked examples

SPKI PEM → JWK

Input

-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJDt1LpPJr4g8MDwd8cM JaKiwjzmq4TYuQmA3SznzJNiV+8arfSrOVUx55Q8kg4Rwd1PxSMhx8jXr3kqfpMh bZZMQjmW5+hjqUW1pUC+Qzkgh8ARNCXVqfp77GKqBFFulB+GQCJ6J3QBwXMwgFOz jTNMKCXjHV1K8MU6zvSnSJs2EXeFw6OL6cXTRIg+1So0S9xrdXdzZBdH2md+//0u fRDzNVPuM/3QNAx/bsYIcGn0iE1KnZLnKgJHBw9Wq4Qqcp4LnIvYFIi3WStQDN8c rO6qRzjdY0Khou3s3VAByD5QiZEGxOl3kblCeSDBkWGGanSHen/fD/MGFGazU/r8 nQIDAQAB -----END PUBLIC KEY-----

Output

{ "kty": "RSA", "n": "...", "e": "AQAB" }

documentation.securityTools.pemJwkConverter.examples.two.title

Input

documentation.securityTools.pemJwkConverter.examples.two.before

Output

documentation.securityTools.pemJwkConverter.examples.two.after

Related tools

Inspect JWKS: inspect-jwks. Certificates: decode-certificate. Verify JWT: jwt-verify.

PEM ↔ JWK FAQ

Public-first conversion

Why is my RSA PRIVATE KEY (PKCS#1) rejected?

v1 accepts PKCS#8 private keys only. Convert with: openssl pkcs8 -topk8 -nocrypt -in key.pem

Does output include alg?

No. A bare public key does not imply a signing algorithm — alg is omitted from PEM→JWK output.

Can I export private JWK to PEM?

No in v1 — use public JWK fields only.

Size limit?

512 KB per paste.

Security & tokens

JWKS, X.509 certificates, and secrets scan — browser-local.

Explore other tool categories

Minify

Shrink code and assets for production — minify JavaScript, CSS, HTML, JSON and XML before gzip or CDN deploy.

Beautify

Make code readable with consistent indentation — beautify JavaScript, CSS, TypeScript, SCSS, LESS, Markdown, GraphQL, SQL, YAML and more in your browser.

Unminify

Expand minified or compressed code — unminify JavaScript, CSS, TypeScript, SCSS, LESS, SQL, YAML and other formats when debugging or reviewing.

Conversion

Transform data between JSON, YAML, XML and CSV locally — no server uploads.

JSON Tools

Validate, format, diff and explore JSON payloads — complementary to minifiers and converters.

SVG Tools

Preview, optimize with SVGO, export Data URI, resize, beautify, convert to JSX and validate SVG — all in your browser.

DevOps & Infra

Terraform HCL format/validate/minify, Dockerfile format & lint, Docker Compose and .env validation.

CI/CD

GitHub Actions and GitLab CI — format YAML and check workflow/job structure in your browser.

Logs & observability

Line-oriented JSON/NDJSON and Nginx/Apache access logs — format, filter, validate, and CSV/TSV.

Kubernetes

Multi-doc manifests, structural validate, Ingress/Deployment starters, and Helm values formatting.

Networking / IP

CIDR, subnets, and IPv4/IPv6 helpers — in your browser.

API & schemas

OpenAPI tools to format, validate, and lint your specs.

Encoding

Encode or decode Base64, URL components and HTML entities — client-side only.

Developer utilities

Timestamps, UUID, ULID, Nanoid, cron, passwords, regex, slugify, number bases, case, text diff, and chmod — all client-side.

Serialization

Serialize and deserialize PHP data structures beside JSON workflows.