PEM ↔ JWK Converter — Public Keys
Convert RSA/EC public PEM (SPKI) to JWK JSON and back. Private PKCS#8 input yields redacted public JWK only. Paste-only — no network.
Developer notes
• Auto-detect PEM vs JSON. • Exported JWK omits alg (signing alg unknown from bare key). • PKCS#1 RSA private keys rejected — convert to PKCS#8 first. • Private JWK → PEM not supported in v1. • 512 KB limit.
Options
When teams pick this route
• Build JWKS JSON from a PEM public key. • Export SPKI from a JWK for OpenSSL/config pipelines. • Pair with inspect-jwks for inventory.
Worked examples
SPKI PEM → JWK
Input
Output
documentation.securityTools.pemJwkConverter.examples.two.title
Input
Output
Related tools
Inspect JWKS: inspect-jwks. Certificates: decode-certificate. Verify JWT: jwt-verify.
PEM ↔ JWK FAQ
Public-first conversion
Why is my RSA PRIVATE KEY (PKCS#1) rejected?
v1 accepts PKCS#8 private keys only. Convert with: openssl pkcs8 -topk8 -nocrypt -in key.pem
Does output include alg?
No. A bare public key does not imply a signing algorithm — alg is omitted from PEM→JWK output.
Can I export private JWK to PEM?
No in v1 — use public JWK fields only.
Size limit?
512 KB per paste.
Security & tokens
JWKS, X.509 certificates, and secrets scan — browser-local.
Explore other tool categories
Minify
Shrink code and assets for production — minify JavaScript, CSS, HTML, JSON and XML before gzip or CDN deploy.
Beautify
Make code readable with consistent indentation — beautify JavaScript, CSS, TypeScript, SCSS, LESS, Markdown, GraphQL, SQL, YAML and more in your browser.
Unminify
Expand minified or compressed code — unminify JavaScript, CSS, TypeScript, SCSS, LESS, SQL, YAML and other formats when debugging or reviewing.
Conversion
Transform data between JSON, YAML, XML and CSV locally — no server uploads.
JSON Tools
Validate, format, diff and explore JSON payloads — complementary to minifiers and converters.
SVG Tools
Preview, optimize with SVGO, export Data URI, resize, beautify, convert to JSX and validate SVG — all in your browser.
DevOps & Infra
Terraform HCL format/validate/minify, Dockerfile format & lint, Docker Compose and .env validation.
CI/CD
GitHub Actions and GitLab CI — format YAML and check workflow/job structure in your browser.
Logs & observability
Line-oriented JSON/NDJSON and Nginx/Apache access logs — format, filter, validate, and CSV/TSV.
Kubernetes
Multi-doc manifests, structural validate, Ingress/Deployment starters, and Helm values formatting.
Networking / IP
CIDR, subnets, and IPv4/IPv6 helpers — in your browser.
API & schemas
OpenAPI tools to format, validate, and lint your specs.
Encoding
Encode or decode Base64, URL components and HTML entities — client-side only.
Developer utilities
Timestamps, UUID, ULID, Nanoid, cron, passwords, regex, slugify, number bases, case, text diff, and chmod — all client-side.
Serialization
Serialize and deserialize PHP data structures beside JSON workflows.